Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Analysis ID:1429051
MD5:f02aaaf0d308cf00b19cd2ee4f389ac5
SHA1:dd2fa4b5d4b10a33551ba682b5e9d1dddbe127c5
SHA256:cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38
Tags:exe
Infos:

Detection

Score:69
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:33
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Installs a global keyboard hook
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Writes a notice file (html or txt) to demand a ransom
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe (PID: 1164 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe" MD5: F02AAAF0D308CF00B19CD2EE4F389AC5)
    • unpack200.exe (PID: 2296 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 4148 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 3628 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 5832 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 5428 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 3288 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 6516 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 5952 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 1216 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 1848 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 1268 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • unpack200.exe (PID: 5428 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\rt.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • windowslauncher.exe (PID: 5060 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe" "-Xshare:dump" MD5: D56527919A78D6AC6CEF8A9CB3D0B922)
    • unpack200.exe (PID: 5496 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar" MD5: 14A39388617FC5B75646EC85FC9FF9FD)
    • Remote Support.exe (PID: 6224 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713608944217-1" MD5: D56527919A78D6AC6CEF8A9CB3D0B922)
      • windowslauncher.exe (PID: 744 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49722 127.0.0.1 49723 restricted MD5: D56527919A78D6AC6CEF8A9CB3D0B922)
        • Session Elevation Helper (PID: 5324 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup MD5: D56527919A78D6AC6CEF8A9CB3D0B922)
  • cleanup
No configs have been found
No yara matches
Source: Process started
Author: Max Altgelt (Nextron Systems)
Data:
Command: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
CommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
CommandLine|base64offset|contains: Wj
Image: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
NewProcessName: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
OriginalFileName: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
ParentCommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49722 127.0.0.1 49723 restricted
ParentImage: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
ParentProcessId: 744
ParentProcessName: windowslauncher.exe
ProcessCommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
ProcessId: 5324
ProcessName: Session Elevation Helper
Timestamp:04/20/24-12:27:13.107236
SID:2049863
Source Port:49709
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:04/20/24-12:27:13.237832
SID:2049863
Source Port:49710
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\Remote SupportWinLauncher.exe, ReversingLabs: Detection: 37%
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java-rmi.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\elev_win.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shcad.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\javaw.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\session_win.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\pack200.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent64.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\Remote SupportWinLauncher.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\cadasuser.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\SimpleService.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jjs.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, EXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper64.exe

Compliance

Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, File created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\readme.txt
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, Static PE information: certificate valid
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\MSVCR100.dll
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\unpackexe\unpack200.pdbi source: unpack200.exe, 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.2116800779.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.2132208590.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.2149243996.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000006.00000000.2150882392.000000000003B000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe, 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.2116800779.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.2132208590.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.2149243996.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000006.00000000.2150882392.000000000003B000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: msvcr100.i386.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639716947.000000006CB01000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, unpack200.exe, 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000003.00000002.2130779590.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000004.00000002.2137963953.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000005.00000002.2149805166.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000006.00000002.2170744753.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000007.00000002.2186803365.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libnio\nio.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642273328.000000006E0F7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: c:\Users\gchristelis\Documents\Visual Studio 2008\Projects\cad\Release\cad.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libzip\zip.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643472222.00000000733FB000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libfontmanager\fontmanager.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2638487863.000000006C7B1000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libawt\awt.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639279375.000000006CA6A000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libnet\net.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642630346.000000006E38D000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libjava\java.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643067107.000000006E473000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libfontmanager\fontmanager.pdbp|l source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2638487863.000000006C7B1000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libzip\zip.pdbI source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643472222.00000000733FB000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\jenkins\workspace\zulu8-build-win32\release\hotspot\windows_i486_compiler1\product\jvm.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libverify\verify.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643837886.0000000073A96000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libawt\awt.pdb8n source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639279375.000000006CA6A000.00000002.00000001.01000000.00000011.sdmp
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4F40B _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF4F40B
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exeCode function: 16_2_00402963 FindFirstFileA,GetLastError,_strcpy_s,__invoke_watson,16_2_00402963
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\lib\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 4x nop then cmp eax, dword ptr [ecx+04h]0_2_04F47BD8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 4x nop then add byte ptr [edi], dh2_2_6CF08468
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 4x nop then push esi2_2_6CEFF640

Networking

Source: TrafficSnort IDS: 2049863 ET TROJAN SimpleHelp Remote Access Software Activity 192.168.2.5:49710 -> 208.75.205.129:80
Source: TrafficSnort IDS: 2049863 ET TROJAN SimpleHelp Remote Access Software Activity 192.168.2.5:49709 -> 208.75.205.129:80
Source: global trafficHTTP traffic detected: GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /customer/JWrapper-JWrapper-version.txt HTTP/1.1User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /server_side_parameters HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /translations_user/en.txt HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /branding/brandingfiles?a=3 HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /branding/applet_splash.png?a=3 HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /branding/branding.properties?a=3 HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /simplehelpdisclaimer.txt?language=en HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /simplehelpdetails.txt HTTP/1.1Cache-Control: no-cachePragma: no-cacheUser-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: global trafficHTTP traffic detected: GET /availableports HTTP/1.1User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36Host: help.tkfast.comAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_004057B4 InternetOpenA,_memset,InternetCrackUrlA,_memset,_memset,_strncpy,_strncpy,InternetConnectA,HttpOpenRequestA,InternetOpenUrlA,HttpSendRequestA,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,__time64,WaitForSingleObject,GetDesktopWindow,InternetErrorDlg,HttpSendRequestA,ReleaseMutex,ReleaseMutex,ReleaseMutex,_memset,__time64,InternetReadFile,WaitForSingleObject,ReleaseMutex,__time64,SetEvent,0_2_004057B4
Source: global trafficHTTP traffic detected: GET /customer/JWrapper-Windows32JRE-version.txt?time=4211847998 HTTP/1.1User-Agent: JWrapperDownloaderHost: help.tkfast.comConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: help.tkfast.com
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000000.2060182249.0000000000438000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2627362976.0000000007468000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2630972193.000000000C6F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2625950509.0000000004A8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://0.0.254.254
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000000.2060182249.0000000000438000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://0.0.254.254%lu
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/features/standard-uri-conformantrn2
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/properties/input-buffer-sizenal/im
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: Remote Support.exeString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverXM=
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003707000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003716000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.apple.com/root.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003707000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003716000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2620409954.0000000002412000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2620409954.0000000002412000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/sureobject.crl0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0L
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003707000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.0000000003716000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apple.com/appleca/0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2625950509.0000000004A8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.whoishostingthis.com/tools/user-agent/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Windows user hook set: 0 mouse low level C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
File dropped: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\translations\en.txt -> encryption = setting up session securityverifying_encryption_details = the remote machine is verifying this connection and setting up encryption to protect any transferred data.verifying_password = verifying passwordverifying_password_details = the remote machine is verifying your passwordconnection_closed = connection closedconnection_closed_details = the connection to the remote machine has been terminated# initial update screentapplet_updating = updating, please wait...tapplet_installing = updating, please wait...tapplet_launching = launching...# web page infodont_see_below = don't see anything below?click_here = (click here)no_javascript_support = your browser does not support javascript.<p></p>javascript is required to view this page, please enable it in your browser or add this site to the trusted sites in your browser settings.no_java_message_part_one = if you don't see anything in the space below then your browser probably doesn't have the latest java runtime.<p></p>you can fix this by d
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe 14F684600450CDBCDBA40A554DA7F96E7756B5733B4854F5B30B9A35D26CBA4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: String function: 0040A137 appears 406 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: String function: 0040E710 appears 185 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: String function: 00420484 appears 53 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: String function: 00418EEA appears 40 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: String function: 6CF00934 appears 74 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: String function: 6CF0A455 appears 38 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: String function: 000214BA appears 34 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: String function: 6CF0B69A appears 61 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: String function: 6CF00950 appears 152 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: String function: 00405530 appears 41 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: String function: 00402112 appears 42 times
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642352482.000000006E0FD000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamenio.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2644062264.0000000073A9A000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenameverify.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639016013.000000006C850000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamefreetype.dll2 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639016013.000000006C850000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamefreetype.dllD vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639542740.000000006CAD1000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilenameawt.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643211843.000000006E47E000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamejava.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642835801.000000006E393000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamenet.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2638642120.000000006C7C9000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamefontmanager.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640071629.000000006CBB9000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenamemsvcr100_clr0400.dll^ vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642031705.000000006CF68000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenamejvm.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643552224.0000000073402000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenamezip.dll8 vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2623598899.0000000002FC4000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal69.rans.spyw.evad.winEXE@34/259@2/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_004092EF GetLastError,FormatMessageA,lstrlenA,lstrlenA,lstrlenA,LocalAlloc,LocalFree,LocalFree,LocalFree,0_2_004092EF
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF4D3BB _getdiskfree,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_memset,GetDiskFreeSpaceA,GetLastError,_errno,2_2_6CF4D3BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_Processor
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe ReversingLabs: Detection: 31%
Source: unpack200.exe String found in binary or memory: (For more information, run %s --help .)
Source: Remote Support.exe String found in binary or memory: !ULcom/kitfox/svg/Stop;
Source: Remote Support.exe String found in binary or memory: acom/kitfox/svg/Stop
Source: Remote Support.exe String found in binary or memory: '5*?marker-starty
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe" "-Xshare:dump"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713608944217-1"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49722 127.0.0.1 49723 restricted
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Section loaded: apphelp.dll, winmm.dll, version.dll, wininet.dll, winhttp.dll, uxtheme.dll, windowscodecs.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, ondemandconnroutehelper.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, wsock32.dll, msvcr100.dll, wtsapi32.dll, cryptsp.dll, rsaenh.dll, userenv.dll, dpapi.dll, cryptbase.dll, dwmapi.dll, opengl32.dll, glu32.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
Section loaded: apphelp.dll, msvcr100.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, winmm.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Section loaded: apphelp.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, wtsapi32.dll, iphlpapi.dll, kernel.appcore.dll, wbemcomn.dll, amsi.dll, userenv.dll, uxtheme.dll, dwmapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, propsys.dll, networkexplorer.dll, windowscodecs.dll, thumbcache.dll, opengl32.dll, glu32.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dwmapi.dll, opengl32.dll, glu32.dll, wtsapi32.dll, iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dwmapi.dll, opengl32.dll, glu32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window Recorder
Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Static PE information: certificate valid
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Static file information: File size 28436544 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\MSVCR100.dll
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\unpackexe\unpack200.pdbi source: unpack200.exe, 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.2116800779.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.2132208590.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.2149243996.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000006.00000000.2150882392.000000000003B000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe, 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.2116800779.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.2132208590.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.2149243996.000000000003B000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000006.00000000.2150882392.000000000003B000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: msvcr100.i386.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639716947.000000006CB01000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, unpack200.exe, 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000003.00000002.2130779590.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000004.00000002.2137963953.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000005.00000002.2149805166.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000006.00000002.2170744753.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, unpack200.exe, 00000007.00000002.2186803365.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libnio\nio.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642273328.000000006E0F7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: c:\Users\gchristelis\Documents\Visual Studio 2008\Projects\cad\Release\cad.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libzip\zip.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643472222.00000000733FB000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libfontmanager\fontmanager.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2638487863.000000006C7B1000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libawt\awt.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639279375.000000006CA6A000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libnet\net.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2642630346.000000006E38D000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libjava\java.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643067107.000000006E473000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libfontmanager\fontmanager.pdbp|l source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2638487863.000000006C7B1000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libzip\zip.pdbI source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643472222.00000000733FB000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\jenkins\workspace\zulu8-build-win32\release\hotspot\windows_i486_compiler1\product\jvm.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libverify\verify.pdb source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643837886.0000000073A96000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win32\release\jdk\objs\libawt\awt.pdb8n source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2639279375.000000006CA6A000.00000002.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Code function: 0_2_00428332 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer, 0_2_00428332
Source: utils_wnative_winpty_intel-64.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x38241
Source: jjs.exe.0.dr Static PE information: real checksum: 0x1152d should be: 0x10b62
Source: shcad.exe.0.dr Static PE information: real checksum: 0x13bcf should be: 0x2dd75
Source: jvm.dll.0.dr Static PE information: real checksum: 0x3cb144 should be: 0x3d6baa
Source: javaw.exe.0.dr Static PE information: real checksum: 0x2ec38 should be: 0x30369
Source: winpty-agent.exe.0.dr Static PE information: real checksum: 0x3dddd should be: 0x4267d
Source: utils_wnative_dxgi_intel-64.dll.0.dr Static PE information: real checksum: 0x26d83 should be: 0x27976
Source: cadasuser.exe.0.dr Static PE information: real checksum: 0x15750 should be: 0x2c5c2
Source: Remote SupportWinLauncher.exe.0.dr Static PE information: real checksum: 0x58e43 should be: 0x8e480
Source: utils_wnative_intel-32.dll.0.dr Static PE information: real checksum: 0x38c46 should be: 0x39518
Source: simplehelper64.exe.0.dr Static PE information: real checksum: 0x14642 should be: 0x15834
Source: SimpleService.exe.0.dr Static PE information: real checksum: 0x1cc64 should be: 0x1e28d
Source: windowslauncher.exe.0.dr Static PE information: real checksum: 0x270ff should be: 0x27a12
Source: jwutils_win32.dll.0.dr Static PE information: real checksum: 0x26fe6 should be: 0x3664f
Source: utils_wnative_shpty_intel-64.dll.0.dr Static PE information: real checksum: 0x18027 should be: 0x2697f
Source: utils_wnative_winpty_intel-32.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x33d45
Source: utils_wnative_intel-64.dll.0.dr Static PE information: real checksum: 0x3b2f0 should be: 0x3c0ae
Source: Remote Support.exe.0.dr Static PE information: real checksum: 0x270ff should be: 0x27a12
Source: unpack200.exe.0.dr Static PE information: real checksum: 0x2efbf should be: 0x2fbf1
Source: utils_wnative_dxgi_intel-32.dll.0.dr Static PE information: real checksum: 0x28f63 should be: 0x2a362
Source: winpty-agent64.exe.0.dr Static PE information: real checksum: 0x4c96d should be: 0x4acd5
Source: session_win.exe.0.dr Static PE information: real checksum: 0x18543 should be: 0x35d94
Source: java.exe.0.dr Static PE information: real checksum: 0x36027 should be: 0x2fcd1
Source: pack200.exe.0.dr Static PE information: real checksum: 0x1101a should be: 0x1274b
Source: java-rmi.exe.0.dr Static PE information: real checksum: 0x9212 should be: 0x12ebb
Source: elev_win.exe.0.dr Static PE information: real checksum: 0x19839 should be: 0x3cd17
Source: jwutils_win64.dll.0.dr Static PE information: real checksum: 0x3aa5f should be: 0x44100
Source: simplehelper.exe.0.dr Static PE information: real checksum: 0x16ea2 should be: 0x150fa
Source: utils_wnative_shpty_intel-32.dll.0.dr Static PE information: real checksum: 0x1a02b should be: 0x2375a
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Code function: 0_3_005C4DEA push ss; ret 0_3_005C4F92
Code function: 0_3_005C4D09 push ss; ret 0_3_005C4F92
Code function: 0_3_005C4DB9 push ss; ret 0_3_005C4F92
Code function: 0_2_004204C9 push ecx; ret 0_2_004204DC
Code function: 0_2_00426521 push 33000001h; retf 0_2_00426526
Code function: 0_2_00426623 push ebp; ret 0_2_00426624
Code function: 0_2_04F4E098 push cs; ret 0_2_04F4E0E1
Code function: 0_2_04F4524C pushad ; iretd 0_2_04F45271
Code function: 0_2_04EAD6F7 push 00000000h; mov dword ptr [esp], esp 0_2_04EAD721
Code function: 0_2_04EAD6E0 push 00000000h; mov dword ptr [esp], esp 0_2_04EAD721
Code function: 0_2_04EAB6D6 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB76D
Code function: 0_2_04EAB747 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB76D
Code function: 0_2_04EAB739 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB76D
Code function: 0_2_04EAB8F6 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB98D
Code function: 0_2_04EAA00A push ecx; ret 0_2_04EAA01A
Code function: 0_2_04EAA01B push ecx; ret 0_2_04EAA025
Code function: 0_2_04EAB1A9 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB1DD
Code function: 0_2_04EAB1B7 push 00000000h; mov dword ptr [esp], esp 0_2_04EAB1DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_04EAB967 push 00000000h; mov dword ptr [esp], esp0_2_04EAB98D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_04EAB146 push 00000000h; mov dword ptr [esp], esp0_2_04EAB1DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_04EAB959 push 00000000h; mov dword ptr [esp], esp0_2_04EAB98D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_04EAC277 push 00000000h; mov dword ptr [esp], esp0_2_04EAC29D
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_00039555 push ecx; ret 2_2_00039568
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CEF2D80 push eax; ret 2_2_6CEF2D9E
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF00995 push ecx; ret 2_2_6CF009A8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF1A6AA push EF3FEFD4h; iretd 2_2_6CF1A6B1
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF19CD8 pushad ; iretd 2_2_6CF19CE6
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF0BF60 push ecx; ret 2_2_6CF0BF73
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exeCode function: 16_2_00405575 push ecx; ret 16_2_00405588
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeCode function: 18_3_25C656C3 push eax; ret 18_3_25C656C9
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeCode function: 18_3_25C667CF push eax; ret 18_3_25C66801
Source: msvcr100.dll.0.drStatic PE information: section name: .text entropy: 6.909044922675825
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java-rmi.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\sunec.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\instrument.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\mlib_image.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\management.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_socket.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\SimpleService.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\zip.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jaas_nt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pkcs11.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_shmem.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\elev_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shcad.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\javaw.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation HelperJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\hprof.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\freetype.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jdwp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\cadasuser.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\fontmanager.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsoundds.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\splashscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsound.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\awt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jjs.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\npt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\client\jvm.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\session_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\pack200.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jawt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsdt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\net.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\nio.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jli.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\Remote SupportWinLauncher.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\lcms.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\verify.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\readme.txtJump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4A277 GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,2_2_6CF4A277
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_PhysicalMemory
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MemoryErrorCorrection from Win32_PhysicalMemoryArray
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT DeviceID, Name, Model, InterfaceType, MediaType, Size, SerialNumber from Win32_DiskDrive
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeCode function: 0_2_04F4D706 sldt cx0_2_04F4D706
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java-rmi.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\sunec.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\instrument.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\mlib_image.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\management.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_socket.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\zip.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\SimpleService.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jaas_nt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pkcs11.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_shmem.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\elev_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shcad.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\javaw.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\hprof.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\freetype.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jdwp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\cadasuser.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\fontmanager.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsoundds.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win64.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\splashscreen.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsound.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\awt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jjs.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\npt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\client\jvm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\session_win.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\pack200.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsdt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jawt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\w2k_lsa_auth.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\net.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\nio.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\Remote SupportWinLauncher.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\lcms.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\verify.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-42766
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_2-75005
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe API coverage: 3.9 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe TID: 6388 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber,Version,Name,Manufacturer from Win32_BIOS
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT IdentifyingNumber,Version,Vendor,Name from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_004192F3 FindFirstFileA,GetLastError,_strcpy_s,__invoke_watson,0_2_004192F3
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4EFE1 _stat32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF4EFE1
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF50F84 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF50F84
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4CA9B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,2_2_6CF4CA9B
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF50B33 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF50B33
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4C775 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,2_2_6CF4C775
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF50702 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF50702
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF17C6D _wstat64i32,_wcspbrk,_getdrive,FindFirstFileExW,_wcspbrk,_wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,towlower,GetDriveTypeW,free,___loctotime64_t,free,_wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF17C6D
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4FD86 _stat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime32_t,free,__wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF4FD86
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4DF35 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,__invoke_watson,2_2_6CF4DF35
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4F8B5 _stat64i32,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64i32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF4F8B5
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4DA38 _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_seterrormode,SetErrorMode,2_2_6CF4DA38
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4D4FF _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,__invoke_watson,2_2_6CF4D4FF
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exeCode function: 2_2_6CF4F40B _stat64,__doserrno,_errno,_invalid_parameter_noinfo,_mbspbrk,_errno,__doserrno,_mbctolower,_getdrive,FindFirstFileExA,_mbspbrk,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,free,___loctotime64_t,free,__wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,2_2_6CF4F40B
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: 16_2_00402963 FindFirstFileA,GetLastError,_strcpy_s,__invoke_watson,16_2_00402963
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF76C74 _resetstkoflw,VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,2_2_6CF76C74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\lib\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe File opened: C:\Users\user\AppData\Roaming\
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: lNo virtualization detectedPower full partitionPower KVM virtualizationPowerVM virtualizationHyperV virtualizationVMWare virtualizationKVM virtualizationXen hardware-assisted virtualizationx/
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2621298477.0000000002420000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: fVirtualMachineError.java
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2586710053.00000000049DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2586710053.00000000049DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: *+com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Copyright (C) 2009 VMware, Inc. All Rights Reserved.
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: java/lang/VirtualMachineError
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: Unable to link/verify VirtualMachineError class
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2621298477.0000000002420000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: i[Ljava/lang/VirtualMachineError;
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2621298477.0000000002420000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Rjava/lang/VirtualMachineError
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2586710053.00000000049DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2594911620.000000000060A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2618199877.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2618199877.000000000060A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2595440435.000000000060A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2586710053.00000000049DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: l{constant pool}CodeCache Oops C-heap JNIHandles MetaspaceAux SystemDictionary CodeCache StringTable SymbolTable Heap Threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classDelayed StackOverflowError due to ReservedStackAccess annotated methodC:\jenkins\workspace\zulu8-build-win32\zulu-src\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\jenkins\workspace\zulu8-build-win32\zulu-src\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\jenkins\workspace\zulu8-build-win32\zulu-src\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2594911620.000000000060A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2618199877.000000000060A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2595440435.000000000060A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW,
Source: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: VMWare virtualization
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe API call chain: ExitProcess graph end node graph_0-42029
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe API call chain: ExitProcess graph end node graph_2-75006
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_00421383 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00421383
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF76C74 VirtualProtect ?,-00000001,00000104,? 2_2_6CF76C74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_00428332 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00428332
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_0041EA2A GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__amsg_exit,0_2_0041EA2A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_00418D3B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00418D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_00428F59 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_LocaleUpdate::_LocaleUpdate,__isctype_l,0_2_00428F59
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_0003927C SetUnhandledExceptionFilter,2_2_0003927C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_00038C30 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_00038C30
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF7ADFC _crt_debugger_hook,_memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,2_2_6CF7ADFC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF00807 __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_6CF00807
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: 2_2_6CF7C16F __report_gsfailure,IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_6CF7C16F
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: 16_2_00402468 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00402468
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: 16_2_0040C1BF __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_0040C1BF
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: 16_2_00405E68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00405E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Memory protected: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe" "-Xshare:dump" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713608944217-1"Jump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49722 127.0.0.1 49723 restrictedJump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\crs-agent.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\charsets.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\jsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\jaccess.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\access-bridge.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\access-bridge.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\access-bridge-32.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\access-bridge-32.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\openjsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\legacy8ujsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\cldrdata.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\sunmscapi.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608892-0-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows32jre-00084000053-complete\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608830-0-app\customer-jar-with-dependencies.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713608830-0-app\customer-jar-with-dependencies.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows32jre-00084000053-complete\bin\remote support.exe" -cp "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" -xmx512m -xms5m -xx:minheapfreeratio=15 -xx:maxheapfreeratio=30 -djava.util.arrays.uselegacymergesort=true -djava.net.preferipv4stack=true -dsun.java2d.dpiaware=true -dhttps.protocols=tlsv1,tlsv1.1,tlsv1.2,tlsv1.3 -dsun.awt.fontconfig=fontconfig.properties jwrapper.jwrapper "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\unrestricted\jwlaunchproperties-1713608944217-1"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows32jre-00084000053-complete\bin\windowslauncher.exe" -cp "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" -xmx128m -xms5m -dsun.java2d.dpiaware=true "-djava.library.path=c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete" com.aem.sdesktop.util.mousemover 127.0.0.1 49722 127.0.0.1 49723 restricted
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows32jre-00084000053-complete\bin\session elevation helper" -cp "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" -xmx128m -xms5m -dsun.java2d.dpiaware=true "-djava.library.path=c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete" com.aem.sdesktop.util.mousemover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_004287F1 cpuid 0_2_004287F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: GetLocaleInfoA,0_2_0042B9B3
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: GetLocaleInfoW,free,_calloc_crt,strncpy_s,GetLocaleInfoW,GetLocaleInfoW,_calloc_crt,GetLocaleInfoW,GetLastError,_calloc_crt,free,free,__invoke_watson,2_2_6CF0888A
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _getptd,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_itoa_s,__fassign,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,strcpy_s,__invoke_watson,2_2_6CF08468
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: GetLocaleInfoA,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,_errno,2_2_6CF065F0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: GetLocaleInfoW,strcmp,strcmp,GetLocaleInfoW,atol,GetACP,2_2_6CF085AC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,_freea_s,malloc,2_2_6CF0871C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6CF7F42E
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,2_2_6CF7F0DB
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,2_2_6CF7F034
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,_stricmp,GetLocaleInfoA,_stricmp,_strnicmp,_strlen,GetLocaleInfoA,_stricmp,_strlen,_stricmp,_TestDefaultLanguage,2_2_6CF7F136
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_6CF7F3C7
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe Code function: _getptd,_LcidFromHexString,GetLocaleInfoA,_stricmp,_stricmp,_TestDefaultLanguage,2_2_6CF7F307
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe Code function: GetLocaleInfoA,16_2_0040E828
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Queries volume information: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00102236230-complete\nativesplash.png VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_0041B9E8 __invoke_watson,GetSystemTimeAsFileTime,__aulldiv,GetTimeZoneInformation,__aulldiv,__aullrem,__aulldiv,0_2_0041B9E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_00409D0C _getenv,GetUserNameA,_strlen,_memset,_sprintf,_strlen,_strlen,_malloc,0_2_00409D0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_0041B9E8 __invoke_watson,GetSystemTimeAsFileTime,__aulldiv,GetTimeZoneInformation,__aulldiv,__aullrem,__aulldiv,0_2_0041B9E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Code function: 0_2_0041EA2A GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__amsg_exit,0_2_0041EA2A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 331 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 111 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | Logon Script (Windows) | 11 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 158 System Information Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 441 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 24 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 24 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe | 32% | ReversingLabs | Win32.Trojan.Generic
SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe | 100% | Avira | TR/Dldr.Agent.wkvfv
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\Remote SupportWinLauncher.exe | 38% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\SimpleService.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\cadasuser.exe | 4% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\elev_mac | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\elev_win.exe | 4% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\jwutils_win64.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\session_win.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\setsid | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shcad.exe | 4% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shlinuxutil | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shlinuxutil32arm | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shlinuxutil64 | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\shlinuxutil64arm | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\simplehelper64.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_dxgi_intel-64.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_intel-64.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_shpty_intel-64.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\utils_wnative_winpty_intel-64.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\winpty-agent64.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JAWTAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\JavaAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\WindowsAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\awt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\client\jvm.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_shmem.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\dt_socket.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\fontmanager.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\freetype.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\hprof.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\instrument.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pcsc.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\j2pkcs11.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jaas_nt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java-rmi.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\java.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\javaw.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jawt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jdwp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jjs.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jli.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsdt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsound.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\jsoundds.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\lcms.dll | 0% | ReversingLabs
No Antivirus matches
Source | Detection | Scanner | Label | Link
help.tkfast.com | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
http://java.sun.com/xml/schema/features/ | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/report-cdata-event | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://java.sun.com/xml/dom/properties/ancestor-check | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/ | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://www.freebxml.org/). | 0% | Virustotal | | Browse
http://www.xfree86.org/) | 0% | Virustotal | | Browse
http://help.tkfast.com | 0% | Virustotal | | Browse
http://wildsau.idv.uni-linz.ac.at/mfx/upx.html | 0% | Virustotal | | Browse
http://0.0.254.254 | 0% | Virustotal | | Browse
http://www.freebxml.org/ | 0% | Virustotal | | Browse
http://help.tkfast.com/ | 0% | Virustotal | | Browse
http://www.kitfox.com/jackal/jackal.jar | 0% | Virustotal | | Browse
http://www.nexus.hu/upx | 0% | Virustotal | | Browse
http://zulu.org/forum | 0% | Virustotal | | Browse
http://upx.tsx.org | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
help.tkfast.com | 208.75.205.129 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://help.tkfast.com/customer/JWrapper-Windows32JRE-version.txt?time=4211847998 | true | | unknown
http://help.tkfast.com/simplehelpdisclaimer.txt?language=en | true | | unknown
http://help.tkfast.com/branding/brandingfiles?a=3 | true | | unknown
http://help.tkfast.com/simplehelpdetails.txt | true | | unknown
http://help.tkfast.com/customer/JWrapper-Remote%20Support-version.txt | true | | unknown
http://help.tkfast.com/server_side_parameters | true | | unknown
http://help.tkfast.com/branding/branding.properties?a=3 | true | | unknown
http://help.tkfast.com/customer/JWrapper-JWrapper-version.txt | true | | unknown
http://help.tkfast.com/availableports | true | | unknown
http://help.tkfast.com/branding/applet_splash.png?a=3 | true | | unknown
http://help.tkfast.com/translations_user/en.txt | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                high
                                                                                                                http://zulu.org/forumSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                                                                http://www.azulsystems.com/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2630972193.000000000C590000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643067107.000000006E473000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                  high
                                                                                                                  http://help.tkfast.com/customer/JWrapper-Windows32JRE-version.txt?time=4211847998RSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2595218461.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2618199877.00000000005B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://docs.azul.com/zulu/zuludocs/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://help.tkfast.com/customer/JWrapper-RemoteSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2627362976.0000000007152000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2627362976.0000000007468000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2630972193.000000000C6F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          http://www.unicode.org/Public/.SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://sectigo.com/CPS0SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.00000000028E1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624127226.00000000037F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.000000000495F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2626455876.0000000004D95000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002913000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.00000000048ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2624929551.0000000004177000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2622332731.0000000002948000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 
00000000.00000003.2081067787.000000000372F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://java.sun.com/xml/stream/properties/ignore-external-dtdTDPRemote Support.exefalse
                                                                                                                              unknown
                                                                                                                              http://www.apache.org/licenses/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.azulsystems.com/support/java.vendor.url.bughttp://www.azulsystems.com/java.vendor.urlAzulSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643067107.000000006E473000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://help.tkfast.com/customer/jwstat_app_dirC:SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2621948692.000000000289A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://www.unicode.org/reports/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://xml.org/sax/properties/dom-nodeRemote Support.exefalse
                                                                                                                                        high
                                                                                                                                        http://help.tkfast.com/customer/JWrapper-Windows32JRE-version.txt?time=42118479983SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2618199877.000000000058E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespaceRemote Support.exefalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://www.gnu.org/licenses/gpl-2.0.txtSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://xml.org/sax/properties/declaration-handlerRemote Support.exefalse
                                                                                                                                              high
                                                                                                                                              https://www.thawte.com/cps0/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.ecma-international.orgSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://www.thawte.com/repository0WSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004583000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2583821417.0000000004911000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://apache.org/xml/properties/internal/stax-entity-resolverXM=Remote Support.exefalse
                                                                                                                                                      high
                                                                                                                                                      http://localhost/shtarget.txtSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2625950509.0000000004A8C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        low
                                                                                                                                                        http://www.unicode.org/copyright.html.SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.azulsystems.com/support/SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2630972193.000000000C569000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2640628576.000000006CEA0000.00000002.00000001.01000000.0000000B.sdmp, SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000002.2643067107.000000006E473000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://upx.tsx.orgSecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe, 00000000.00000003.2482777417.000000000458D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
IP | Domain | Country | ASN | ASN Name | Malicious
208.75.205.129 | help.tkfast.com | United States | 13754 | TKFASTUS | true

IP
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1429051
Start date and time: 2024-04-20 12:26:16 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Detection: MAL
Classification: mal69.rans.spyw.evad.winEXE@34/259@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 153
• Number of non-executed functions: 302
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Remote Support.exe, PID 6224 because there are no executed function
• Execution Graph export aborted for target unpack200.exe, PID 1216 because there are no executed function
• Execution Graph export aborted for target unpack200.exe, PID 1268 because there are no executed function
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
12:27:11 | API Interceptor | 2x Sleep call for process: SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe modified
                                                                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper | SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe | SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe | Get hash | malicious | SimpleHelpRemoteAdmin | Browse |
 | SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe | Get hash | malicious | Unknown | Browse |
 | SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                    Entropy (8bit):1.672933031873368
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:L/9:J
                                                                                                                                                                                                    MD5:271563B96FBBFF5DC3E04656F3F18923
                                                                                                                                                                                                    SHA1:7F6800A9D6112BF5C360D56F3B0C5C616260FEE8
                                                                                                                                                                                                    SHA-256:B482D2AACE7286C78A565879C3AC49B772E9BD9D003BED856542C2CEE1049B22
                                                                                                                                                                                                    SHA-512:FC211920EE469A34E10444D65E9A909C934CFA1C6D332700D33C2AFF9AA2201434DBB810FF03188904C9500638444435CBECC25E2B7598356236C8475B02763C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00084000053
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                    Entropy (8bit):1.3997935580893242
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:I/9rCB8Gn7AjSLbQ6S7wN+C8GYDJJBnmRuV9M5sKBEZMeOMsFD7:I/g8GnkjSLbQ6WCJa4RaUFD7
                                                                                                                                                                                                    MD5:97D91EA438079B8C6ACD9E893EA5BF39
                                                                                                                                                                                                    SHA1:8F3F87B5843943E57AA0C401287D6E7C2BB50E68
                                                                                                                                                                                                    SHA-256:2938117D4E1D58C03785A1B475E9408B50C8BE783E5617181A11A6203F4AB0F9
                                                                                                                                                                                                    SHA-512:34C19FB6C3755D83DB8974A3195ACACB3698CB28B57FE894203198E4F24358A67DD3A595962A053A6F1ED10AA14AFD7A6DCFAA680F0DCF293DFDCDD0C91F27BD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.........<.............. .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..$.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications.. .......8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                    Entropy (8bit):1.3765442441440698
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:iRjriN8GCI731dxk5z5nrycL96w8ynmRuV9M5sKBEZMeOLBg:iRW8GC431dxSZrycBORaUQ
                                                                                                                                                                                                    MD5:DF9F71B809EACED15B635BAE3E20DECE
                                                                                                                                                                                                    SHA1:9334B2A2E4668A839FD07C7B2506A43FC9BF8874
                                                                                                                                                                                                    SHA-256:10E9E77449EFAFD9A2A89B057123733C56BC8C06292ABF236B5B1B7C18FF7998
                                                                                                                                                                                                    SHA-512:BF94DA6B1D3C48BA64196D406F77A209E38E557DCE4CD32E6A45E8BA4C46AFA738BC2847F311E798124FA9E6C51BD4E06BE2D33B8A2F341F88453F4931525B70
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........H<.......jM..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                    Entropy (8bit):1.4446317969760207
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:ESarGX8GylKkqcvNIcZYOQxeCKQo+Jr8ynmRuV9M5sKBEZMeOQM4P:ESD8GylTfvmzeS+RaUSP
                                                                                                                                                                                                    MD5:540B58D0CB0EF57B6D683845F05ED182
                                                                                                                                                                                                    SHA1:E7D9ACEBD62C76280F78BABC0C101936CE7AFA99
                                                                                                                                                                                                    SHA-256:174C90AA6C0BB620F9860DDDC130F220EF7EE2355F874A8E5043BC2753B7573D
                                                                                                                                                                                                    SHA-512:19BA7B0B035B4D329C6D79CF64762D8A0A524EC8633C862EF9671B013A4ABB472FF1F2F18E1B84C9374D8F8DA1E4C4727406F3126336AD7133794004EB6F85CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.........=.............. .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.....x.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..4.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                    Entropy (8bit):1.3752321770263642
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:fRVrGP8GB4hLus25hYaH7mew8ynmRuV9M5sKBEZMeOLBg:fRS8GWhLusCHSqRaUQ
                                                                                                                                                                                                    MD5:2C97B58A0EB9D514942BFE44E3E68E76
                                                                                                                                                                                                    SHA1:A3F3C38848A0DAF7A83AA153A726D32049189CAC
                                                                                                                                                                                                    SHA-256:1A491E06E22ED8B7A7F3478100F70EF2EA60AE36BEC584CF5EE5F044F388460E
                                                                                                                                                                                                    SHA-512:FE8E484D737CFC0CED85CF5E72747BC0AF773A8DF222875CF6F9F64ECED983DA1A9A93366C701511BA0489083335A556FED359D0226FEC4A249D994C95086757
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........H<........R..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18496
                                                                                                                                                                                                    Entropy (8bit):7.975066081887855
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:0Hr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382nx:J8v5oa8vNnt5Zn3W0u
                                                                                                                                                                                                    MD5:8CDB1DC5C629E2A459AB72E387450969
                                                                                                                                                                                                    SHA1:E61BC7399E7BF52443D26A89C9DE4BBB6F68DC27
                                                                                                                                                                                                    SHA-256:70C92C427605C87AA08AE69425D4182C6195894005C85E3FD0B82C09F27C52F6
                                                                                                                                                                                                    SHA-512:20414B5DD96C48A5258B8EDBF26E4EC4A4D4D1443730038F843D6D26273E0049014D0D867690834EAA3F2BFFFFD63CF46A0800B25559F73A365CDAF298016844
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 4 x 18, 8-bit grayscale, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):98
                                                                                                                                                                                                    Entropy (8bit):5.530610295100729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:yionv//thPlJttlllB/rtl1l2I4lupR5rNO:6v/lhPb/rt92IhDO
                                                                                                                                                                                                    MD5:C8F15F669B039148667D14BA0592866A
                                                                                                                                                                                                    SHA1:2B112EDDB281A1DAC53771F180D331DB42C34B28
                                                                                                                                                                                                    SHA-256:8CC0A4A79E1B2D67F78E0E85EFD1A39265FCED4CF5A840C995CEAE7CB6F26F12
                                                                                                                                                                                                    SHA-512:01673C65907F18459854B6E642CCCF85C2307485BD48829FBE66E3CED86A8BE5E8B6A88A47E7210DBE61523F16E0AF821AED2A3C204283A1EAFE7C4B375A661D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 4 x 18, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167
                                                                                                                                                                                                    Entropy (8bit):6.447389753692007
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:yionv//thPlJttnlmNKpBxgaGKfR24xt5mNR/GKuLg02S+QJeroONsuXKngrmu:6v/lhPEeSsf5x+7/8Oxc7ONsYFr/
                                                                                                                                                                                                    MD5:B9D86873742C7080B430A5D4255253AC
                                                                                                                                                                                                    SHA1:6E47FDD87C05B44F4AE5B20677F29DED22A2328C
                                                                                                                                                                                                    SHA-256:83AF5F63866C20B1B2D2D436236B2FC4A45501B5D1CBAA66D7FAFB6603B6B7B6
                                                                                                                                                                                                    SHA-512:59C8F07122875160B044368F215BA5ACACC1860D5FBF9BA38D6E26D26C9651D5679FBB72952940166737405D385F40D2B2289CF9C914AA6BF59BA26BC1B2D4B8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 10 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):442
                                                                                                                                                                                                    Entropy (8bit):7.409164509719945
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/7c986gyiEO1OMEFGbWiVD286w3D3vrEkUcoQifmGx:x9+YYogbWG2Cb7Yh
                                                                                                                                                                                                    MD5:DD76E9D25A791CFEE83719EF9668D589
                                                                                                                                                                                                    SHA1:5C923EBB8ED658F7546D66DFCBA2841432316771
                                                                                                                                                                                                    SHA-256:61D10A9D780A09D2DE63536F88F9E14A86296ED804CD986978DE39EDF10299F2
                                                                                                                                                                                                    SHA-512:D09E12EFD5373C43EBDB2B700A2EFDDED044A5909492FF8B804233D4D3FD9F3604DCFC60141677355BD838A11BE040506AFAE4BE9E48F4EF5F1598113EAD4FDF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 4 x 18, 8-bit grayscale, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):98
                                                                                                                                                                                                    Entropy (8bit):5.530610295100729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:yionv//thPlJttlllB/rtl1l2I4lupR5rNO:6v/lhPb/rt92IhDO
                                                                                                                                                                                                    MD5:C8F15F669B039148667D14BA0592866A
                                                                                                                                                                                                    SHA1:2B112EDDB281A1DAC53771F180D331DB42C34B28
                                                                                                                                                                                                    SHA-256:8CC0A4A79E1B2D67F78E0E85EFD1A39265FCED4CF5A840C995CEAE7CB6F26F12
                                                                                                                                                                                                    SHA-512:01673C65907F18459854B6E642CCCF85C2307485BD48829FBE66E3CED86A8BE5E8B6A88A47E7210DBE61523F16E0AF821AED2A3C204283A1EAFE7C4B375A661D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):51639
                                                                                                                                                                                                    Entropy (8bit):7.913071100791447
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:IAPZcf26Z/ymqXIjZ9dgRXOD1HBuXq04lXIx+IyDZH/h1Gpb:IWxOAXIj/dwXAHca0Hx3eHTm
                                                                                                                                                                                                    MD5:6ABF181027660B7F5CEF5D0FAF971D47
                                                                                                                                                                                                    SHA1:0335594CB1F61AAD54253CA05F4569F9F1E519D0
                                                                                                                                                                                                    SHA-256:A4C360B8928C08B9FEC4F4D848C8EC5B11B713A25C0785D93C41D5D9FFA1BD85
                                                                                                                                                                                                    SHA-512:73421A7BE762ABEEFDA9E827500DEC63ACE553A89610F68FEA1C527E25D537201798F02E6F3A5E200BAC872BC28FBAEB1C2BDFF72199936AA23C3AB047C8B032
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7113
                                                                                                                                                                                                    Entropy (8bit):7.771588102328531
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:pXh2meSwoMvQDxDAIOaihYCjYtJF6YXh3Q46Ww8:Rh2meU27mJF6YxYX8
                                                                                                                                                                                                    MD5:14747F8BDEFE58C68B49EF0600E11D86
                                                                                                                                                                                                    SHA1:10C006D8BE5A7813DB8D35C61516BCAB125B8C79
                                                                                                                                                                                                    SHA-256:15CD7EF40A4D22DE8C1EC1DAC28265E2EE0F56ED2E901FD9AB8ADE5B92C6788A
                                                                                                                                                                                                    SHA-512:B88E992F88CF730975F4F9B1C6DAFC9F4D9ED5C193FEB12697C26009A6BD5392B02F80FBBA30F06569EFB2BB504252658B26DEBE6573C27A2D8E90588557A35F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                    MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                                                                    SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                                                                    SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                                                                    SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                    MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                                                                    SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                                                                    SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                                                                    SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):457
                                                                                                                                                                                                    Entropy (8bit):5.807814313562858
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:feAZPXYgJQv/hydXY1unQ2Js6kugLuvKeKX4dZNLm:mAZPogJQv31uXJsP0bbdvLm
                                                                                                                                                                                                    MD5:31970D36282EF3BFB6B9CE20A0D1DA86
                                                                                                                                                                                                    SHA1:B53430F8ABED2AFD4DCECF9765EAC01EABD8B84F
                                                                                                                                                                                                    SHA-256:2D7327821BEB4DDB75415BD74AA5CF7C0C8AF18AF6A649C2ADA8F43E3EFEFABF
                                                                                                                                                                                                    SHA-512:ED222CF563445BE83302A13DF2549C083413E7434839B2AFA642CAE131A7C013AF711D30A98659880FFD2BB2E489CB2CF478D30FFBDFC424832AC82D562FA159
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...&..............<..&{51AC08F5-919D-471A-A7F2-20145926AD06}...F12XDS...VMware, Inc....ZDM4HMCFVT...............VMware Virtual RAM.....0..........DRAM....._.......\\.\PHYSICALDRIVE0...\\.\PHYSICALDRIVE0.....Y4L3_4GN SCSI Disk Device...SCSI...HDD.. 6000c292b65879ff477a6af604113f58..........&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..w5.........&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..w5...........R29DT...RAGUN.."VMW201.00V.20829224.B64.2211211842...None..0
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7129
                                                                                                                                                                                                    Entropy (8bit):7.770065488619682
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:pXh2meSwoMvQDxDAIOaihYCjYtJF6YXh3Q46WwK:Rh2meU27mJF6YxYXK
                                                                                                                                                                                                    MD5:A19122E18E3328C647CA0271F48FDA9E
                                                                                                                                                                                                    SHA1:B7D3A23C1E378CC63A3C32B3A772A89B31C52FC8
                                                                                                                                                                                                    SHA-256:FBF3D3FB4720C948514FCFBE082E003DE4202CE222E31AB1ABB2E00D3A2C6534
                                                                                                                                                                                                    SHA-512:C414E37631211AE8304CCE092625558CEFEB538DE60D4CCFE08B893E0E64C94D31CD5E7EE78BDC32D9B1FF65E7CE0272A03E22FB92CEE0B4BFD6B4A737F45A82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):51655
                                                                                                                                                                                                    Entropy (8bit):7.912916140940632
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:IAPZcf26Z/ymqXIjZ9dgRXOD1HBuXq04lXIx+IyDZH/h1GpQ:IWxOAXIj/dwXAHca0Hx3eHTt
                                                                                                                                                                                                    MD5:9521A8D7A2EE6ACBFC2982E634862D95
                                                                                                                                                                                                    SHA1:A7920919B2788A48EF6C7B19B0575E4CDFABDA1A
                                                                                                                                                                                                    SHA-256:BB66E364371421E00A4D11C5639C309ED2DB1BF24B5402D955E775DCDCDA6EFF
                                                                                                                                                                                                    SHA-512:1A8360D738898BAA7783D0AA28833819A5DE754366C677ED6DB992776B2E04ECFFC5D777034A05B0A8F033AD7B398AF92CAA17271A6A4729B92ABC8290DD123B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):197
                                                                                                                                                                                                    Entropy (8bit):5.296922454276163
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:JNnS6LCIUM6GOQvmU+K/qxgFggwptXqxgFggw61aHkjH4XYxFCsgY6NBQVVvv:mg68mUzsgFipGgFie7MsgXNmVV3
                                                                                                                                                                                                    MD5:28305798340DB74A4AD9C83FD954CCD0
                                                                                                                                                                                                    SHA1:0BB17F7FF52C8DD59D0C830B4234301A37FF263D
                                                                                                                                                                                                    SHA-256:5515BADABB9EE3679D7CD3A6974AE4C26A669054DCC3AD77AFC68D0166501AF5
                                                                                                                                                                                                    SHA-512:05F7BFA2E735AAEAF1B1D6A66CC26CCDF19C7A404FD63B6D72F4BD058BF1EBA71A2664D27118894A3C85BE32D3595C6FD5F0049136683F0DF200594A772993E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#SimpleHelp Branding Configuration.#Mon Jun 30 14:06:10 CDT 2014.SUPPORT_EXE_NAME_KEEP_OS=false.SUPPORT_EXE_NAME_KEEP_TYPE=false.APPLICATION_NAME=TkFast Inc..SUPPORT_EXE_NAME=_TkFastRemoteSupport_.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:un:un
                                                                                                                                                                                                    MD5:9CFEFED8FB9497BAA5CD519D7D2BB5D7
                                                                                                                                                                                                    SHA1:094B0FE0E302854AF1311AFAB85B5203BA457A3B
                                                                                                                                                                                                    SHA-256:DBD3A49D0D906B4ED9216B73330D2FB080EF2F758C12F3885068222E5E17151C
                                                                                                                                                                                                    SHA-512:41DD75307A2E7C49CAF53FFF15AADA688275EF4D7950BEDF028612B73F343ED45CF51FE1D4D27F58ED12E93E0FD0AE7F69428DB169211554D1B380C91AA5CD01
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:en
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):259
                                                                                                                                                                                                    Entropy (8bit):5.120695641173387
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:0nI199pZ1tEvh/jyFvVHbOMAwM36YMuYt3nx+xRdY:h199p72vh/jyFN7OMPM36YHYQU
                                                                                                                                                                                                    MD5:60E5CC1149685AEA687AE3E761558AF7
                                                                                                                                                                                                    SHA1:0FFAD41597966262A17C71782CD4048177B52603
                                                                                                                                                                                                    SHA-256:53DBFC90A516F3625FED58B4919838DEE9219ED9FDA9D70E50659C66B1D424D6
                                                                                                                                                                                                    SHA-512:CB19C2EE2E5506CB5205995CF4A95C5C1F51B5C726BA7AC6B9439A42F88A6501202D5F7089D360262B69257C2B146CE038BEF068FB951F8F78BC78963A641E96
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:9.-Xmx512m.-Xms5m.-XX:MinHeapFreeRatio=15.-XX:MaxHeapFreeRatio=30.-Djava.util.Arrays.useLegacyMergeSort=true.-Djava.net.preferIPv4Stack=true.-Dsun.java2d.dpiaware=true.-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.-Dsun.awt.fontconfig=fontconfig.properties.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                    Entropy (8bit):3.7004397181410926
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:jBJp3gln:jBJ6
                                                                                                                                                                                                    MD5:8FB5138EE86360CDE03895FBCD12494D
                                                                                                                                                                                                    SHA1:182872DA6AD9990FBFDEE722097047764F4A596C
                                                                                                                                                                                                    SHA-256:CFCCF59F10DA9D264A641125C710A6D57E457A1081F23E899BFA3D06E3BE2D41
                                                                                                                                                                                                    SHA-512:F315C3EA8519B935DAF10A526303731AEFD95DE0535F871EF0927E92B86CDF5A1D967647E2AF7FE54AFD014E670DB3F4D183AC00E0B81A4F757B703066030049
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Windows32JRE.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36070
                                                                                                                                                                                                    Entropy (8bit):7.04591355730143
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:8ryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv3829:YFx2ylwMhfw48v5oa8vNnt5Zn3W0q
                                                                                                                                                                                                    MD5:B22EC69A355F529B2DDA787AF04FBD8E
                                                                                                                                                                                                    SHA1:C987DD336C8FFA1A1F2FD701D4A120C1F0F97641
                                                                                                                                                                                                    SHA-256:16F77D45C4C0F83DD0EA5927FF98AD91962E37403D0AC07E3E06301260ACE0D0
                                                                                                                                                                                                    SHA-512:903DF29A5D5762E863992BA5550AF70E86DD61A758161917A88F6ED887AAE572E0F2DB83B3CECA2A85806987B04146CF9DA64EDE05350A617B04E107743529AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                    Entropy (8bit):1.672933031873368
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:L/9:J
                                                                                                                                                                                                    MD5:271563B96FBBFF5DC3E04656F3F18923
                                                                                                                                                                                                    SHA1:7F6800A9D6112BF5C360D56F3B0C5C616260FEE8
                                                                                                                                                                                                    SHA-256:B482D2AACE7286C78A565879C3AC49B772E9BD9D003BED856542C2CEE1049B22
                                                                                                                                                                                                    SHA-512:FC211920EE469A34E10444D65E9A909C934CFA1C6D332700D33C2AFF9AA2201434DBB810FF03188904C9500638444435CBECC25E2B7598356236C8475B02763C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00084000053
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15079
                                                                                                                                                                                                    Entropy (8bit):6.020381397385542
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:aOk0PIAerHZvvKbDt5XZlUEBl56L0wWddbl/KYL:aoPQZnmtdfDBK07L
                                                                                                                                                                                                    MD5:99C6C2EC77946380C46CA46B4A3A8899
                                                                                                                                                                                                    SHA1:2AF8AE8DD73BC1969C44742BFE834EA63C9F2429
                                                                                                                                                                                                    SHA-256:7F5D3154A0C89096D09446E28B066A0545895C487B769924EBA59CBE6F6B06E5
                                                                                                                                                                                                    SHA-512:F5CA8F8B8BC69A971775D2CBB21E58F8C706A05DB38F1C72C71CE50BFF0EF7FB246D97A0FA4BA87910D66044BEC169089F0A33A9EE9EF5FE85E4E8A2E634153B
                                                                                                                                                                                                    Malicious:false
Preview:jwdyna_splash_image.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9648
                                                                                                                                                                                                    Entropy (8bit):7.957885621230351
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:267jRSFcvb0Bt73D1eG7eMW10Ct3Oi3qrmxpftEKQAnnyU5VxAN5mlD1AfDQb:2EjTb03D1kv0a3BqCBXxnygbbcU
                                                                                                                                                                                                    MD5:3824F0C32D238E438CD1C3599957B36B
                                                                                                                                                                                                    SHA1:5E7DC61846CDD9B76DB99C6AB9172C3DDD41BB85
                                                                                                                                                                                                    SHA-256:FC6F0B7F36253F9699EBB6439BF9ECDB26A78623F526B6C079E619188E60D372
                                                                                                                                                                                                    SHA-512:3F943A1FB8845E66801B2287D87189C4EF4EDD81DD0E82D2CB42FC0941ADAAC2B39978CB19B9197CF8C7F6C6D3BE88CEEB0474EAB98BC2BCD45EA548FE5AD898
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                    Entropy (8bit):2.873140679513133
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LBex:4
                                                                                                                                                                                                    MD5:4A23BB6A0241378049206D95E8845539
                                                                                                                                                                                                    SHA1:3D7A7B3D2B3B2BA60DF26C41083423DF5C177D8D
                                                                                                                                                                                                    SHA-256:0A695C16A6DF4CE012A5767E64B577449BC9EBA20E1F44D6AE15B3E392C91909
                                                                                                                                                                                                    SHA-512:DDDAB7E35680AE62B75E45D8E9CF84749A62CBBFA29FA19CBB9FB88B261678080F451FA62C3DEBDFDECCA24FED9A70013E1E433389C7735E7F86DF8BC0B2B302
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1713608944170
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12
                                                                                                                                                                                                    Entropy (8bit):1.9473387961875537
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:L/H:r
                                                                                                                                                                                                    MD5:BD9A3A39AE641606D8ACFB54468CF0B5
                                                                                                                                                                                                    SHA1:F6C90CD0D00CADDF14CE3CAF1A8B8D63AD7347E3
                                                                                                                                                                                                    SHA-256:0564AE18CDB791E33BCB4DA5ED96008DBA51CBCBE80837D1B996B734E7B65BCE
                                                                                                                                                                                                    SHA-512:C8D850A5FE1F369B66BAE90FD34878075616D151B384026DCAFEFC02BC6079A2C671F4472B0491572B5E834559D4A2B083F947CA1660EE6E2C437707AFAFAD8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00084000053.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15653
                                                                                                                                                                                                    Entropy (8bit):6.037654120063103
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:kOk0PIAerHZvvKbDt5XZlUEBl56L0wWd2vlXKNduY:koPQZnmtdfDBK08AduY
                                                                                                                                                                                                    MD5:AD0F870FC841F7DADA389548AB1667A7
                                                                                                                                                                                                    SHA1:AF8BE6FBDB7FF3ED43407B49D2CE82C723D5FF22
                                                                                                                                                                                                    SHA-256:C1CC18B7241B4BEEF4EBC4E99CFB193557C4DAA247BB0414F467B8E759B25699
                                                                                                                                                                                                    SHA-512:0BE55002EA1EFC2C2F18E33062B055E1E5FF52E6EB111E4C820D553C02437741BE83A28A736DAC1000B74175E305654941E697B23ADE98F0EF71BC9049057841
                                                                                                                                                                                                    Malicious:false
Preview:jwdyna_wrapper_app_version.00102236241.jwdyna_auto_disable_appnap.true.jwdyna_splash_image.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                    Entropy (8bit):2.9689185639620974
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LBev:a
                                                                                                                                                                                                    MD5:E70DDEFF3A2103465784B1A7DCAABCB9
                                                                                                                                                                                                    SHA1:1BBAE7AE6420B1678FE512D6E6858A6B2D8291A4
                                                                                                                                                                                                    SHA-256:D2BBF3C9072C07565E3A9E8216B77D9C170228C0E2CE52F337EF4A878908F360
                                                                                                                                                                                                    SHA-512:3EBADB4B5F76B8E7693CFBBE1DBAB738D486188074C42134BB9B86C4289337D252C068F8DD3E88790ED68A7A7B8663020F70577C36D8490948B1CB9A75CBDE88
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1713608944154
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):151632
                                                                                                                                                                                                    Entropy (8bit):6.463083319649891
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:7kldyU0rumJ08aie23ucacX5O6YnIb6DQeTQwYF5tAR2pNqM8vKXNt5ZnG/jAS6V:4fyUcumJ08/QEp6DKwYjtALuVG/jNkNx
                                                                                                                                                                                                    MD5:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    SHA1:D4EA8C6FF865334FA56D19E435E58CCA8CFF7E36
                                                                                                                                                                                                    SHA-256:14F684600450CDBCDBA40A554DA7F96E7756B5733B4854F5B30B9A35D26CBA4B
                                                                                                                                                                                                    SHA-512:CD3BD8E33DF78FDE76827CEE0CA9EAB921C4BBCE31AAF7B38D41D6A8D473A30EE5F50F3620741F57FD54A86A75AD11CEE6F9A67C4C4B30E9987E1445AF37F2B4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):151632
                                                                                                                                                                                                    Entropy (8bit):6.463083319649891
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:7kldyU0rumJ08aie23ucacX5O6YnIb6DQeTQwYF5tAR2pNqM8vKXNt5ZnG/jAS6V:4fyUcumJ08/QEp6DKwYjtALuVG/jNkNx
                                                                                                                                                                                                    MD5:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    SHA1:D4EA8C6FF865334FA56D19E435E58CCA8CFF7E36
                                                                                                                                                                                                    SHA-256:14F684600450CDBCDBA40A554DA7F96E7756B5733B4854F5B30B9A35D26CBA4B
                                                                                                                                                                                                    SHA-512:CD3BD8E33DF78FDE76827CEE0CA9EAB921C4BBCE31AAF7B38D41D6A8D473A30EE5F50F3620741F57FD54A86A75AD11CEE6F9A67C4C4B30E9987E1445AF37F2B4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen16.24785.16789.5959.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                    Entropy (8bit):3.0269868333592873
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LBeJn:A
                                                                                                                                                                                                    MD5:9207B3442C0E7F261D37663AB35171AA
                                                                                                                                                                                                    SHA1:F4971F889CA9F571D8AC3C4D2E406C4D51E26B30
                                                                                                                                                                                                    SHA-256:D9B2D5AEABC5B4FCFC0B342CD2A634EA106D9E160BEC05C2BE245307E19276EE
                                                                                                                                                                                                    SHA-512:56C8EA46FBF9568CF1A0ED7E9515E07A86B544B40D1839F210E863604589FE9CD927A3D7DB363A741952929B3A61E10426E388B6DC96B73A06F762D34484FC71
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1713608944185
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19
                                                                                                                                                                                                    Entropy (8bit):3.260828171224456
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:QpIQsc9:z3c9
                                                                                                                                                                                                    MD5:42435EB08FAEE75EC8A791B9A233BD8B
                                                                                                                                                                                                    SHA1:D462CA091139A2106E467C4A0FD33B4EE8DDAC09
                                                                                                                                                                                                    SHA-256:BF6F11C195ADDBC386206C29D8F557D296E2E5FEFAA129519CE75B4A4228BE5F
                                                                                                                                                                                                    SHA-512:E9B4AA8EE09A8C81746F3999E2003214952D3BA41B7E1AFADA9C6D9E2F1223A41AF3212E9C44D42D394611FFEECF25AD0E9A8A2BB79999B1DC32EC55C9667FBA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:com.aem.JreVerifier
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36134
                                                                                                                                                                                                    Entropy (8bit):7.045544387141096
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:fryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:hFx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                                                                    MD5:2F89BEA63262618BDF5FF796D256A371
                                                                                                                                                                                                    SHA1:F30C119034085D7F3091A5C4B203B33B96A2917F
                                                                                                                                                                                                    SHA-256:1683DEE0D303F0C60394939FD4BBF403F25D8F4491648C2AABE6E2EDC45E5C0F
                                                                                                                                                                                                    SHA-512:3B4EBCC198DF2A854DC76F239C4A82FC217B1EFB674353E8B0D235E76F8F58DC88AC1FFDA097B1158EDE047415D7169A031F7DFFA4A4F614D6069614D0445CAC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........AutoTest....com.aem.tests.CustomerTest
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36156
                                                                                                                                                                                                    Entropy (8bit):7.04649933105962
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:cryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:4Fx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                                                                    MD5:A1FDA4A1DC5E7F2AA55909F108D04D08
                                                                                                                                                                                                    SHA1:D570A469DB258ED663C3A194365D27D279E814CB
                                                                                                                                                                                                    SHA-256:F2B3667E07E687EFCF6C3BFB25605A9BF89DF57F6BD24D9BDE7AE4D784B0A103
                                                                                                                                                                                                    SHA-512:F0DB36A5B508768BF2F185A932380962FEB796C0B71D6FF4927B6022DA83DE27B90DADF291F017EB589D95A6C6F1099831C9FE663844ACFD2ED0557BB2F1EF97
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........JWrapperJreCompatibilityApp....jwrapper.JWrapperJreCheckShim
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36193
                                                                                                                                                                                                    Entropy (8bit):7.048087920494959
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:vryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:RFx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                                                                    MD5:7C0411575332FC9DB2221DAC946441FA
                                                                                                                                                                                                    SHA1:5916948C77C8429CB9B9EE3D23B818D71AB21C3F
                                                                                                                                                                                                    SHA-256:5877EE25B3BB645D0B17A102C818E662A91B71E7FDDA8AE606EE05AE5716D562
                                                                                                                                                                                                    SHA-512:C5CDA13809E5AAE82958BF11D7EBDBC3B36E81F3B905A07661836302118A3156B406757BF2F35E14F28E7B0B04484EAE0769F14C83BCD3310B54AD28AA005F60
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.......'JWrapperMatchedVersionServerUnavailable...6com.aem.shelp.customer.CustomerServerUnavailableDialog..................... .h...V......... ......... .... .....F...00.... ..%............ .PH...D..(....... ..... ......................................b*..G..N..A.zV(~pL!h.Y%..R .>'.Y........................3$.4..@..q........o..Z..L.{B.V).)..8....................A/.D.Q.....................t...N.{O".A*.T#..-............R>"V.b...........................c..H...O.h9.:'.I........lR/m.u............................t..e......nN-..........lC.................................k.......sS4...........X..................................n.......fI,p....'..'..j..................................p.......X@%`....6).5.q..................................o......I5.Q....O<$P.s..................................n.......8(.>....eL.h.q................................s..o.....{.(../....{[2~.n.............................g..b....
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):99
                                                                                                                                                                                                    Entropy (8bit):4.077885665299278
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:plIXFnXACiEy/JNwZLILECA2yAGuL:plIXFpWw1jCAXAGE
                                                                                                                                                                                                    MD5:04FAFEDC20BF8B5448BDF2A863246001
                                                                                                                                                                                                    SHA1:18734278FCFD6A6E89EA4331C8FAB775D655A892
                                                                                                                                                                                                    SHA-256:61D35CBD883AA99C12EC6A9662B249E3C628B98AA358D2D32B28601B9E001F62
                                                                                                                                                                                                    SHA-512:E8ABD99829D3DB5CEAC5D0AB5EF83B1EC84DD05B139C5E2B474FCB0C96C468149819D5CF4992D8510814B6A33CE654F8AF5CD6EAE98FE966F6C0E5132B78EB1B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........JWrapper Service Management App...&jwrapper.jwutils.service.ManageService..................
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36155
                                                                                                                                                                                                    Entropy (8bit):7.04631361973388
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:bryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:9Fx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                                                                    MD5:12EE6B719C117A16137C6240547E1EC5
                                                                                                                                                                                                    SHA1:BE14715FBDB81185EDFF60D5EBB6E515EDD370BC
                                                                                                                                                                                                    SHA-256:DE0888A10E14E8C959301F9EF56037918608BE3C5B537C9AFB92BEE686AEDB97
                                                                                                                                                                                                    SHA-512:9667B1576661B2DF7C8BC4AC35E4CE5261C3119CA57B852A5EC7B61F3C93CFA73B5BDF488E4EF16FDAE4B82E749FFF02F1C7AF620A356063FD8314B5845C8732
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........Remote Support...)com.aem.shelp.customer.StandaloneCustomer.....................
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                    MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                                                                                                                                                    SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                                                                                                                                                    SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                                                                                                                                                    SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                    Entropy (8bit):2.1180782093497093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:kXGbS:k2G
                                                                                                                                                                                                    MD5:F64A6EBE623B2A4FEB2DA05C78AAB99D
                                                                                                                                                                                                    SHA1:9699FBFDB5D815280A09BC025F990927D32202F1
                                                                                                                                                                                                    SHA-256:1B03116AAA7B780C66A69EAA8044F9849CC4E7B57A0F054E09051EBF1E381D19
                                                                                                                                                                                                    SHA-512:8AE7E243CD20F24493FE21714304F16A41E0D4CF328EE1C45E462C5532F183F62263CADCBECAD4A9CFFA9197048415BCCA573EC7C2D2867A4699AC1968F59D4D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00102236230
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mac OS X icon, 118432 bytes, "is32" type
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):118432
                                                                                                                                                                                                    Entropy (8bit):4.79911976258702
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:0itpbPmQqrHVVVmVVVVVVVVVVVVVVVVVm9NdrWx5EiVlqVIlmp8vKXNt5ZnGT:0itp7qbCQyuVGT
                                                                                                                                                                                                    MD5:BE564FC696B6169D422FABC711730D4C
                                                                                                                                                                                                    SHA1:1DE658F8347412413A011B8DCABDA071F8DBF0CE
                                                                                                                                                                                                    SHA-256:BD2952358D918F683CE9225539E38AE077504185F487B0074AD44E8A088015B5
                                                                                                                                                                                                    SHA-512:FC1074FEAC49EA442455070107F3182639C248E28D74CF62FB8B6D80738539D629DC6116B17ABF7C0F7422E7285585E99B726040C21A4BA0323D28E6534E911B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49390
                                                                                                                                                                                                    Entropy (8bit):7.481814629908238
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:FZ51+/60ykkmZoVLl/rvikFjoFOcmn51+p73VGxWqHb6aLiXVhKr+yf71M:FZ2/qkmL5L72FOR58GYOb6FXDKr+yBM
                                                                                                                                                                                                    MD5:A281A019E82A015F76A1717D08224E73
                                                                                                                                                                                                    SHA1:E5E62C0315EC8B4F5FF7912BD2FEF0304935C34F
                                                                                                                                                                                                    SHA-256:34A0D11A21A4A42EF98D5A8397F29ABDC12F10CC6EAC97E5FC21DEF97BE0276E
                                                                                                                                                                                                    SHA-512:678BC884CC1E960A7C2BDDB6CABDF4AE01644295C601283013DE314D7D9AC92F06FCC7359DC64ABF85C4B3137D540A23DB71CC9A399003CC6BCD460A0E981DA0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 352 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4617
                                                                                                                                                                                                    Entropy (8bit):7.815116080984637
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:tRbMDt1APL6F9Z7DMQC14nGVoYnunsDHvTOrnsUzlJG7bsFoBFS:UDLHXMQm4nGOg8sDH7OrnsulJGXYoW
                                                                                                                                                                                                    MD5:A3BE1246247CFC9A93352D288E81F358
                                                                                                                                                                                                    SHA1:B091AC5E9A4C638DC4D499C52FDA4469D99F91C2
                                                                                                                                                                                                    SHA-256:2F7D3BC8FFBE9B3152EC9C332363247A4E89591FC1349BC0EB2E3A3D93055043
                                                                                                                                                                                                    SHA-512:F4B4B868796F5239ADC7FC9D75F3C66C99A0A02FCEC2B8094DC24CFE80328CA8920CED932688932D1C4328B4AB37BF74193800F27FA2017E983BB031EB9C4250
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                    Entropy (8bit):2.413088436425758
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:kXGby:k2e
                                                                                                                                                                                                    MD5:77E14C9D63FAA3AEDD47F0C313FC1D93
                                                                                                                                                                                                    SHA1:55C00AF369ECA6BEDDBD3E55B12554F4842102D1
                                                                                                                                                                                                    SHA-256:6BBEA392CBB8A0E0F3D6FE27A8402F5AA1BFA61727C3F2C62C4FCD2AB97BCA6F
                                                                                                                                                                                                    SHA-512:B72C0052EE4819EAE5DEF7130BA3558720970BE9B36A9BFDDC4B843818AE054BE40C877601E2997CAD1C6678842092E8CC157AC90F11BF77AAF31DF244825525
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00102236241
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):391
                                                                                                                                                                                                    Entropy (8bit):5.087719002693374
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:P/I1VnXIc5199p72vh/jyFN7OMPM36YHYQMtB:OXIc51fp72v1GrXEqY4QMX
                                                                                                                                                                                                    MD5:B15E011BB7496D589C1D9A3EF02AE205
                                                                                                                                                                                                    SHA1:F0E662ADB1302250DCAF4F4CD737A2D1AD7C0572
                                                                                                                                                                                                    SHA-256:5D65494842456EDBAADA0EF26E4D5934659C4DB9F20ED6F93145DE3C26116689
                                                                                                                                                                                                    SHA-512:3DD484036A4F7D39CD0D236951E90FFA2BED2A8BE43AADFD54481E8C9FBECCF168FE69BAE5B91B2BAF523F0012D5D0D5318550E6DAE8D18BB253D7FFA40E7088
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:7.jwrapper.JWrapper..Remote Support.JWrapper-Remote Support-ICNS.icns.0.0.0.1.customer-jar-with-dependencies.jar.0....9.-Xmx512m.-Xms5m.-XX:MinHeapFreeRatio=15.-XX:MaxHeapFreeRatio=30.-Djava.util.Arrays.useLegacyMergeSort=true.-Djava.net.preferIPv4Stack=true.-Dsun.java2d.dpiaware=true.-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.-Dsun.awt.fontconfig=fontconfig.properties.0.........win.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):576168
                                                                                                                                                                                                    Entropy (8bit):7.416515344421729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:xEvd5t3iEkjYflKJI93ish89NUK80XUYOTccQiGp+hsz2:G2EIIMsh8w/qUtep+D
                                                                                                                                                                                                    MD5:7BF260B5EEB6AD854FCFF15F62FFC0AB
                                                                                                                                                                                                    SHA1:EB2C4C82CA44AE47CAC1DFD597D85CCFDB9F6BA9
                                                                                                                                                                                                    SHA-256:86E4950AE3334689026C9FE63808343EED1F66330FCD37DBAA5AAC13065056A4
                                                                                                                                                                                                    SHA-512:0A6E2E0BF61D7A30819A02AE8B95324EBA12ED4DBDBEA16B63C15FD7C79FC204B4DA3AFAE18CB8461A1FBBFEE271F24AB299F9D90E5901BCC79E731F6073C4C9
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):116112
                                                                                                                                                                                                    Entropy (8bit):6.494947054010256
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:OpbP7TtLV/xaTIn5ei4dJe5xmtvgX93uSpp2cuty/tKBmACNBuACNA:UHj93uuw0/tKBmF+Fu
                                                                                                                                                                                                    MD5:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                                                                    SHA1:694D8B456ABC255DA9EC0E9B270116163CB5D132
                                                                                                                                                                                                    SHA-256:313000B647E07FE9C08D538D160B5ADB4849A7E2E19C16E5E0F188B176470229
                                                                                                                                                                                                    SHA-512:CD1E7EDA3B0591B20587990BCACAADC2424D2F9F72D071C3C4EFAC4BBB16665C7B267AE332F95CADF1CA3501F3D7B9CBC9FBBD3CFF07E1FC69BF3C9F805F1CE3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):179760
                                                                                                                                                                                                    Entropy (8bit):7.252389875765567
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:ueO+AxG4R9rNWQ6jUs/BgrrSrrC9rZ9rX9r09ratrUtrJF5FV:lAx99xYQsZg6qD9akGn/D
                                                                                                                                                                                                    MD5:2DBC02F8DE481BC192C85703444D2947
                                                                                                                                                                                                    SHA1:FB53F506124D2126D2C9F5BED5689353C2E95185
                                                                                                                                                                                                    SHA-256:7A9EDCEFE2F172907E9191A6198C7E4A5291DF50F402AB1B8AE8031EFE602B3B
                                                                                                                                                                                                    SHA-512:F8BC7F01787B9DFAFFE9F3B10D916D3AEB5A83A37C849CE6476CA481870A313CA82BA80F144B8AA2D167E629E18CAEB5B1143DF4D0FE14774D5C0C6108B579C7
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):21274827
                                                                                                                                                                                                    Entropy (8bit):7.927981743710179
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:393216:gN/wLweTsb/7wNv+WvRnaudGWs2qI7dMHqQq2lbS6aZ8K5:qwceq7GvPvRGWs2qIpMH3lEp
                                                                                                                                                                                                    MD5:4F8A7D2CE6EBD06CB0F22C33A592404D
                                                                                                                                                                                                    SHA1:ED4AFB70C49F38BFAD39CC0B15D6683F5C854101
                                                                                                                                                                                                    SHA-256:C559AB22BDF73F8E1F959A2C34B13BC765A67D5A3474EBECDA6DD658E8329D04
                                                                                                                                                                                                    SHA-512:6CFD6645A0278FAA27E952C77CB8255F9D2F7597B78FB37597600DD595EF46379EE472FF8CF036FF71F6FECCC237F92FF9CFA6AD55C93E5FD396E89D9195CA2C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17134835
                                                                                                                                                                                                    Entropy (8bit):6.8079484032707995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:393216:pgfhm+jYiK6wrb50vRou0WJ2WGkEP/MPluWsn1SWbL:pgfhm+jYiHO5WRo0J237sEWM
                                                                                                                                                                                                    MD5:AA023B48A18A5BA2589B8C3DF918F454
                                                                                                                                                                                                    SHA1:F8091216FF75C9FB169FB5D64D9202D5DACAD3D4
                                                                                                                                                                                                    SHA-256:08E7756DCFDB552B6781BE3203B2C85D2A2442D75EE7DA89252F3DF214115BF1
                                                                                                                                                                                                    SHA-512:95A76DC1FCCBC976F1DA6A3E3C7E3981B6B043A4324CC1388BE82A51C11714A3EE3503C6E61B37A9C2BB29EE2408B7B5F73DFD513A7217B003D96D4D6BECD7A6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O universal binary with 3 architectures: [i386:\012- Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_HEAP_EXECUTION>] [x86_64:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>]
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):185120
                                                                                                                                                                                                    Entropy (8bit):2.538897125099634
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:RLHHGBJ8kMFbab8HAo/2j48kMf6ab8n1GVj8kM3XfMab8:R7mrGbKTjsXKXoEK
                                                                                                                                                                                                    MD5:B97A70B14F288D37D6F77229451D0E13
                                                                                                                                                                                                    SHA1:F9BE0AFFF116176824E5CB3C88F896A4B76C218E
                                                                                                                                                                                                    SHA-256:B0E0EE51314CD117E94EB53FF46CAFAB951A76E62C0FD6B54D68F6942522F347
                                                                                                                                                                                                    SHA-512:BD59CF2078B0398BE33A699D04231BEB34610EE31C59049864CDBB1D43441F68FF17EDBD5B085812413A3BA77850343E6766F61710B80D066BC0A694C7E91E6C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):243992
                                                                                                                                                                                                    Entropy (8bit):7.278640957364001
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:4ukjf+vEAQajI4/f5rrJrr1n9rbH9r/9ro9r3Htretr5FahFc8FDF5FnFI:Fkjf+3E4n5h1JpiZHEva28dTdq
                                                                                                                                                                                                    MD5:01DEEF7F533173DA5E2B26B00AFDE108
                                                                                                                                                                                                    SHA1:CB1A8B2784DD8EF54E940FA5455FBCE20F928952
                                                                                                                                                                                                    SHA-256:3330AF7877EC280AC33A327A7C4AD99BC8C437E8FF0B4EEBB8C82B230E2148EE
                                                                                                                                                                                                    SHA-512:2451BD318016858FDCC0007D28D781AA62F708A59480DE2044185C8D27E68B25BE5995AE6091546D7C8DF17ECBC0336D9C3F68F5297B07A7435FC2F1DBCE49A6
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):277
                                                                                                                                                                                                    Entropy (8bit):4.638192570481787
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:gdpVLIRlfKCYWJWZykGEG3qH1qZb6IGVbpIWI2wb6Xzl:gd/0lfKC7JmylMIbAhpLl
                                                                                                                                                                                                    MD5:811CDB9DDA225FBF0B0CA2C103D7F8E2
                                                                                                                                                                                                    SHA1:8AC54D2EBD4A9BEE5CA8BFA5FA09481D252B5F6E
                                                                                                                                                                                                    SHA-256:24138306B8AA80D2B9586A55F75A156466B3A69AB5C96988AD62304905F53C07
                                                                                                                                                                                                    SHA-512:32341E621E474C9639B572EB63E070CA50A63D70CBE72310ABBE8E3B8DB459AFD469433B52FCF678BF8AAAFFC868F197878EF75DDB67D342CBC74A98D1CEA9AA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:allfonts.thai=Tahoma.sequence.allfonts=alphabetic/default,dingbats,symbol,thai.sequence.fallback=lucida,symbols,\. chinese-ms950,chinese-hkscs,chinese-ms936,chinese-gb18030,\. japanese,korean,chinese-ms950-extb,chinese-ms936-extb,georgian,thai
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1033), with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1033
                                                                                                                                                                                                    Entropy (8bit):3.992356463658328
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:qvJXV01naP5VAoSsY1PRjhGSrUld3BIlAG+3X5TwHW+Lhs2T5qgeXghYP0K6ju0c:qBlnBVyNQCYgAXHNwzb5+0xntq1Bd/
                                                                                                                                                                                                    MD5:1128DCB368DF4E55C20A4657D6B9B6A5
                                                                                                                                                                                                    SHA1:A5288D935233702DE687AA089DC864E7B9DB3F84
                                                                                                                                                                                                    SHA-256:B72D40A45A55DF2C60142D734630E5BE9464B52A09CF71A2951BD4553F785A12
                                                                                                                                                                                                    SHA-512:45741D62559AB3BB476835CC99F0CE76DDE0135DE6DCADCF52EBB489125AA822DE2EFAF9146FBA144FC3D5D9A5D76B8E64BD976F1FC0C8B9048F82E2B8369814
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11
                                                                                                                                                                                                    Entropy (8bit):2.413088436425758
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:kXGby:k2e
                                                                                                                                                                                                    MD5:77E14C9D63FAA3AEDD47F0C313FC1D93
                                                                                                                                                                                                    SHA1:55C00AF369ECA6BEDDBD3E55B12554F4842102D1
                                                                                                                                                                                                    SHA-256:6BBEA392CBB8A0E0F3D6FE27A8402F5AA1BFA61727C3F2C62C4FCD2AB97BCA6F
                                                                                                                                                                                                    SHA-512:B72C0052EE4819EAE5DEF7130BA3558720970BE9B36A9BFDDC4B843818AE054BE40C877601E2997CAD1C6678842092E8CC157AC90F11BF77AAF31DF244825525
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:00102236241
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):792
                                                                                                                                                                                                    Entropy (8bit):7.755914204647375
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:1Vfm5iYCLJ8EyRso96dcHZYPMpArbMLIqxXjvujlVnO7ZTw+ZtN9o16eZCGBMh:1VeC6EyZ95YPambAj7aVnO7ZpoHZjMh
                                                                                                                                                                                                    MD5:DCCA3D97F264579BAA88AD8DF0749966
                                                                                                                                                                                                    SHA1:18E3F2A3B2F99E21D577A2ED4DE44A58094C0DBD
                                                                                                                                                                                                    SHA-256:F3065B1A51B64C7BD0AD9A434E4C9EBA27EA65F1418C2BB0056186F6195EB48E
                                                                                                                                                                                                    SHA-512:2EDE51F4B006199B30E4F645C395237C752F0501CB2FAAA7F6CF5B2386CCF759E264B8E6AAADC7396A4C412BC27A89F9C9CCCE0288C9355ED552A2BB09B9F329
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):7347345
                                                                                                                                                                                                    Entropy (8bit):7.90172746120592
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:196608:wwi/gMH3RmWvsVleeD7/xdrkN98TlMY9S:X+fElLPkN98TlTs
                                                                                                                                                                                                    MD5:C339A8066A3EE3B6D98BC98CEAF360CC
                                                                                                                                                                                                    SHA1:0D63C6DB582D7009102C516BB28EEEBC7C8C1840
                                                                                                                                                                                                    SHA-256:2A176D30AD6123832D9C9D871A0C6511E53027CD3850FF2E73754C019937191D
                                                                                                                                                                                                    SHA-512:61C2CEB44A6F6F5754166D1368C34C17266AB600A4333D17370103B422B20A6622A6D617C2F08C8441354529D7B74CC7B4FF017B9B4631DBDBF9496DC7FB39E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK........ktJW5...>...<.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u..R..I.(-Vp,J..,K-R0.3.3......PK........ktJW................META-INF/PK........ftJW................jwrapper/PK........ftJW................jwrapper/updater/PK........ftJW................META-INF/maven/PK........ftJW................META-INF/maven/com.simplehelp/PK........ftJW............:...META-INF/maven/com.simplehelp/jwrapper-version-foundation/PK........ftJW................jwrapper/legacyutils/PK........ftJW............0...META-INF/maven/com.simplehelp/jwrapper-launcher/PK........htJW................com/PK........itJW................com/simplehelp/PK........itJW................com/simplehelp/macos/PK........itJW................com/simplehelp/macos/uid/PK........itJW................com/simplehelp/windows/PK........itJW................com/simplehelp/linux/PK........itJW............,...META-INF/maven/com.simplehelp/service-utils/PK........htJW................utils/PK........htJW................utils/serial
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13506
                                                                                                                                                                                                    Entropy (8bit):7.768660882081999
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:K0btOHWS+ZiigbfKIzni0z62iYgfkYfeJYtk38k7jlRM4alLo6:rtO2S9lfKKihlcYfRE7z/alLd
                                                                                                                                                                                                    MD5:4D29ECCF3866C3FA82EFCA9DC8859CA9
                                                                                                                                                                                                    SHA1:2372F5BA5DD961BAE56CBA14E47FCA0A5EC4D963
                                                                                                                                                                                                    SHA-256:82132C71ED8AB43F1389AAA8B7FB51B9BA6332B05946B298A7660F3436B0F84F
                                                                                                                                                                                                    SHA-512:B618AC68D987B1C9D1AC732C4FFF08DA7347B8B37F4CC07745B0546ADE5E99532B7552FE1C1CAAF9BFCC961BCB2ED822E0CF5AB1467B2400CE6924FBC6F48C92
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK........gtJW5...>...<.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u..R..I.(-Vp,J..,K-R0.3.3......PK........gtJW................META-INF/PK........ftJW................jwrapper/PK........ftJW................jwrapper/updater/PK........ftJW................jwrapper/legacyutils/PK........ftJW................META-INF/maven/PK........ftJW................META-INF/maven/com.simplehelp/PK........ftJW............0...META-INF/maven/com.simplehelp/jwrapper-launcher/PK........ftJW..H8N...D...+...jwrapper/updater/GenericUpdaterLaunch.class.S]S.@.=[J.. 5UDQ.*..M.O..K..g:.L.....0.n6V~..._..?...x.....{ss......O.kx..4.&n.q..L,........8.j.;y8....P.\..n.<....>...>..z[+O.....@..K..~$.r....s..j..m.]..<)^E.]...]_.`....W^....z.#.Jk...` T=.t.&.BH.<wg.x$.=b...'.f..OkK.I?..R^.. ..O...O..h.*1.F~;..+..X..4j'..p.6...N.c....x@...k.GxL4].............r..}!u\....u<aX:S......<.d......`(...zw_.DX:....Db. .O..o..h...r5..im-..c0.@j...b.8Ls.......F..Q..).S(.(.9..6-i.....\i/.Zt...........Ki.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):221120
                                                                                                                                                                                                    Entropy (8bit):6.880610441745664
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:bOX2K6Wqy7w6rRjKGvpU40ywcV1ASmv+c2Tj2qPNFgFzFLFKuF5F8:qXJxKGvpXxOcjLNKVF1v+
                                                                                                                                                                                                    MD5:6C81694E80A30AFDCB1FD52ABE69C17A
                                                                                                                                                                                                    SHA1:BC5B890A25AAF397B386091ED38591386F5A7730
                                                                                                                                                                                                    SHA-256:15EFD7FBC433648E95450ECE65EA27B2EB0C9142A8AAB011660E0287EAB366B2
                                                                                                                                                                                                    SHA-512:2E8C095C2CD338057FEF8B693E10F93EAF669111E67BD9A235B0903F25B016A9A2CE966A5F5086C415964D7B1EB3D35F1E45DA592111C9722B1B6C2B0F5A3033
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):249792
                                                                                                                                                                                                    Entropy (8bit):6.8031266037967315
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:6r89CMpnp0Goz/QHaXipiyRbJFDzQv7khZOq44lZK2hKZyqpiXBbgFFXFxFEsFgq:htxphC/bY/qIhZOzPQxMB/6s6kj
                                                                                                                                                                                                    MD5:3BC9749F5118F7D5F8C652CB59A60787
                                                                                                                                                                                                    SHA1:A570885B6085BB29AE31ACF9B806AE7563CA2F56
                                                                                                                                                                                                    SHA-256:061E2AA6FE2E27B6F2595B4703486C9BFB603CB276B780BC43F63B1F1B844198
                                                                                                                                                                                                    SHA-512:FADFED1FC1AC700149BCCE4343720465FC6FA5A96B4DA48A7DFFFCC0F3CCFC01593688F86D19A4DA80BEC8370130478FB6336110173D46282C38C443D723E661
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, with debug_info, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10964
                                                                                                                                                                                                    Entropy (8bit):5.076716242686938
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:cvEsYRXi3WHsTyX3Qa/c2k6fBiQiBh66zvpELGatA7AmVMJftEPTz5AJY9XBMk:cJhmHsuX3Qgc2k6phsvpEqwZa6ED
                                                                                                                                                                                                    MD5:EDCD4C74DBF4E558CCC5023FF4FBFE28
                                                                                                                                                                                                    SHA1:A60995D8909BCB239A846B68D79163F04FB429A0
                                                                                                                                                                                                    SHA-256:226299D0171700CFA0ED668D3E5EE1036DC860D23AD9EB238BD0037BD9EA732F
                                                                                                                                                                                                    SHA-512:CF3CAC1636A7A80E3C62EDDE2F5331431E06D57F3D267D758BD3A3D560218402543091D16D0AD4AEBE1C862928A182A64A5D97C2481AE6C8BA02507317DF9290
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=0d3184baadd25544b9ede9ac16431accd8ba85b7, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10894
                                                                                                                                                                                                    Entropy (8bit):5.071276698955684
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:ux62NwksYRXi3oaKoe30R5qFxBxTOD44ieMOImuiYGGoXBTE6A9ighVKdPO:H/hbKos7xBo4DOImvEdAGeO
                                                                                                                                                                                                    MD5:8A7574C4F327D70B144C92C126870C34
                                                                                                                                                                                                    SHA1:738A5C3F21A61C7DB0542E8D0715500B5AC1790E
                                                                                                                                                                                                    SHA-256:BBEC792801A81F7521F27FD872C9E1A2CA19456525A4E201E81A0F19776D0E0E
                                                                                                                                                                                                    SHA-512:A63C649565B0A8E5E0F12D5036A20B0479FF0FD42563297C1078017942212A4808A49F59B531030060521912132FA05E230C7997D480AAE66C8780FEFEB11402
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, with debug_info, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14679
                                                                                                                                                                                                    Entropy (8bit):4.350735562177646
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RQlhmShdvgpN8FPVuQLjZQyonXaoFs26LK09a:y3tBoQ2qt2j
                                                                                                                                                                                                    MD5:D28409795FB3212DC5621A680388AA8E
                                                                                                                                                                                                    SHA1:DE217E7DDAD46347A21C1E0684A9A044C87256F0
                                                                                                                                                                                                    SHA-256:D08B475F3E40077E40BF949DB73DE4836C0318A7D4CFBE310135F445AE7403FB
                                                                                                                                                                                                    SHA-512:D9E886AA9F32E1D1343CD09EE43CEE4ACB7C1E62ACA1DCC27A46BCB7D2ADC5942B812B31CF8FB1107B4054BBFCF9AD78C78625B038EBC8F183EAA146C1FC0DDC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4b97def7328c5ced5eaff796c3e6ba3ff532c45b, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14344
                                                                                                                                                                                                    Entropy (8bit):4.259963884841952
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:BYOBWBhRXi3oCj/HE1pt6vRcNTLFe+Edbpr6ng6g2YywItBjH7iBSN+HR8V:z8sb/HEbNTvabprzl2YTG0T
                                                                                                                                                                                                    MD5:7D1547979BC4100F953BCADDE660FEB2
                                                                                                                                                                                                    SHA1:EBDC6F495DEEA51E8AC9604214B5F9EF3380DAA4
                                                                                                                                                                                                    SHA-256:1891ED1FBEDF1AFFF0C9A16919CDC8EBFCB6EAD6D4AC6DAFE5E2808B667CD56D
                                                                                                                                                                                                    SHA-512:6E57ACF344CE8A076C5574BD2212C87075BAAA07B124995A35D6342729B9F7CD261934EC532A12BC91111D17F31B895102F9434793DDC10BE94DCCC8A02A53A7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O universal binary with 3 architectures: [x86_64:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>] [i386:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>] [arm64:Mach-O 64-bit arm64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>]
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):125239
                                                                                                                                                                                                    Entropy (8bit):3.6990204799796764
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:0DQjBdspdqsJYEa1DnEyYsP3a1DnbE+sV6l7HeFgW6a1DnEr:0Eraza19X3a1u6lEJ6a1u
                                                                                                                                                                                                    MD5:0A4AC2CC7A3C46C036CBBD8A79FDA72B
                                                                                                                                                                                                    SHA1:D5DC6C3DD7D94EF85DDAEE7C8670C38C1E0E1F66
                                                                                                                                                                                                    SHA-256:3ED83BAC9E0A0756DD4D15EB43A8428FDBFF16D3D6094E8B832E8F1C0B1FF312
                                                                                                                                                                                                    SHA-512:78C593BD8BA9903224A9332A7A85418ADD613F0AF7CB15866D38F257772B395624882CB815F516D25D1115F41118383708BF1CFBB78D0166A6B7A38A0127B2CB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=24c49cfad556ec10a11ff1f76fa38837f11eedd4, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15023
                                                                                                                                                                                                    Entropy (8bit):5.302339107549136
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:8Hi5J8paQnPKVQ30G2IBA6jaqTH9BOULqeeUc0R65kn7ZDfa+zw7qZdbr:8C5rkPKV4VLBO1/UHnTzw2n
                                                                                                                                                                                                    MD5:8B22D148E8A3E9ED697C534FBB66E9E4
                                                                                                                                                                                                    SHA1:A57406A296D8B6307AE8ECC3B725B3751BD8B21A
                                                                                                                                                                                                    SHA-256:91C627A058DA27C708734D7BD8EFC26BF83F457C8672A359254A30F74AB555EE
                                                                                                                                                                                                    SHA-512:CAF1271CBC765E1E32B23BEA7B1784E3E4AD34C633676AF641E3711D4B5D482E4D59DA8E816FF57C85BF08617F74A2C6C19F35FC318289FA1FC66F3F76F8F359
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b08c12adf7a6eecd96eea4500533b4d34bb63e7e, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19789
                                                                                                                                                                                                    Entropy (8bit):4.439074951618062
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BiCvZ8pSGXfL4kylrLBWx06tu1KxlQGf7b6vdbr:BlvbGMTcxhyK7QFR
                                                                                                                                                                                                    MD5:46A3B2B7E086D5A1B428DE3B73F2E6E0
                                                                                                                                                                                                    SHA1:9A28F769D00E5D8B9F7769FAF6AC9DAF3F2DE475
                                                                                                                                                                                                    SHA-256:38D84B088D404FD6C637F08B1842C0419766DC49F077D3207E12594C1ACEE9F5
                                                                                                                                                                                                    SHA-512:7BCB0B2CA1D115C43D57C6C627CD5C17779A9F73173DCE49A6D2630DC42D5A485F86A879F1040051C782748B93F39A7B6F1FDFBF5B9B0196736B16E2CE17493C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ea09cded1d8d1d6025689fce403d99330ccb7f20, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17392
                                                                                                                                                                                                    Entropy (8bit):4.986903728026284
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:kMv8pSaLUL3GPX3Qgc2qKXxhM0+PXDze7K8QN9wuaZNnf2v0Fdbr:kU6UTGfgg9PM0+PXDzeWNNWZNhD
                                                                                                                                                                                                    MD5:4103582749B953A29BE4EF600359A76A
                                                                                                                                                                                                    SHA1:C47FC1FBBBBBD0321676213A6C98EB220A0113B9
                                                                                                                                                                                                    SHA-256:D2794E35B6B1583797A81CE19908390EE0F10647A276121223784662B9B76642
                                                                                                                                                                                                    SHA-512:91A044FF0CD7BB98110FBFE43A9748EEFA1133AB5722475F2F70A29A013A356D94B5C4A851741A57ED74F67C3A70FF4B0A5DFE3575385E8CDBC5804F21954DC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7ce88aa9e4ad542ef7acb6308b4b39138a05905e, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18977
                                                                                                                                                                                                    Entropy (8bit):4.73012923975088
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:RdT8pSafSumg2wrkMxfKq8JQ05U+6DyDSR8pfvNf5V05dbD:9gSjwkMxfKqEQ05UfDTWWX
                                                                                                                                                                                                    MD5:2C29B5037151F1C76A19DD4316E909BF
                                                                                                                                                                                                    SHA1:643527867BE8461F0FF1519C3132BB4F01C0E43C
                                                                                                                                                                                                    SHA-256:C4AAF320763382B7BDA7229B16E14BC469DCA6C5C7D5C592EF906C8FDFEFC80B
                                                                                                                                                                                                    SHA-512:D278672137F6B5F9444DF7D50EAD55298013484E560520F81AFFE82E380D40010B9765AEBA7BF41FFBDF51D0A2E9E3A454DB9FFFC3084056C45457DE638EA1B7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=7f15c3163e8d4f99f231f4376e7bdd2506d6dab4, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14797
                                                                                                                                                                                                    Entropy (8bit):4.903435914064741
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:w80q8pQnBvZnkkgIpp7PBRh/rQnhO8dJc3dzYy1vZDfEtg8DNKkE:w802vZkkgIXFTYhVm1YWI7DE
                                                                                                                                                                                                    MD5:0B380761417BB7FE456D1649F7E925D0
                                                                                                                                                                                                    SHA1:2F609DB9AACD14906F9C4BBEFA58694AA512B55F
                                                                                                                                                                                                    SHA-256:3C7EEF7313DF16DB316472BBE18A1F32781B9FE957C648D68D1ED73AEAEF637D
                                                                                                                                                                                                    SHA-512:B6BBE94373F2B256ED799C51F289FD70F36E0E08C3B79CD899166A3E1947D53BE5C45AF68A3135512749F9441175D689C67B3A661D84711E4872F5A504DD6951
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=59062dd60176c81290899b73d214b2e79e23fa1d, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20093
                                                                                                                                                                                                    Entropy (8bit):4.223197742934833
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:sqx8pzkcVBTyorAKVS3pvrp3xw3ZnfwfLAfnty4KR5tLkE:l8kK61hwpnfYQkR57
                                                                                                                                                                                                    MD5:1E643369EA7B1C82AB68121112BC5E30
                                                                                                                                                                                                    SHA1:A0F8AA10427EE73A60B9C26E019B309B20EFF188
                                                                                                                                                                                                    SHA-256:08892D24442B91BCAD85218B9D74E77D724D0F690446419C8721743A443262E0
                                                                                                                                                                                                    SHA-512:3DF664E0673EC1BD998E149F0AE64B442BCDBD304FCB930DFE83D42445A87E323B3E6CA5817B581A60D5A8D11F2598EE9F62194342DC666FAF9B290454465549
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=983af6c747bb1f6190a4784faa9972be761323a2, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17580
                                                                                                                                                                                                    Entropy (8bit):4.768157109489257
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:3SkOJ8pzdZBw8sT09OX3Qgc2EwjHtnbaGLRDXnia8RtyJOEph/Lwcx8i8Sfr+T16:CdaziKwggTjNbXLtYcJl98iCRXK
                                                                                                                                                                                                    MD5:FA57592DFA41C6A16E611ABA912D90DB
                                                                                                                                                                                                    SHA1:F6DADDE200E2A51B436A44685B26007A0DE5FA29
                                                                                                                                                                                                    SHA-256:FD302D139E78AF2397F7A255B831B37E4233BC235DCF23C9C5A3DCA237B695AB
                                                                                                                                                                                                    SHA-512:451663E001B13E205AAA220B6C5C750378A83018C438738A89F118B59E0C2FE6B5AE68ECD92D26EDD2F996E23F83DDBB343E4AA37A419820820FBD53C055F744
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d939c78b1a97fb52b3bdf9f1354ca0d209a25baf, not stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19352
                                                                                                                                                                                                    Entropy (8bit):4.431011588586782
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:R2wOi8pz3oYO3ja3hncUdkMxolq1KgxwUtPr6W2bLfkVTOqB5c:oTO3jUncUdFP14UACaH
                                                                                                                                                                                                    MD5:432D1EB045D0C16134E5930FF7661C15
                                                                                                                                                                                                    SHA1:B61829A4BE10CC724632D13AF437AACC528A984E
                                                                                                                                                                                                    SHA-256:3645A8546E97ED7E121C070035EAA58764DFA99243355639376FF9DEF9D8995D
                                                                                                                                                                                                    SHA-512:BE324331E314A64895656043BEA68A6DCB88F062395DEEAE49D92890C4BE00F806BF1DA9DDA84EA1CE360E3EC92E1CDF8C4DA27629A01B6191E10BF3D9C41953
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=89d29057f4380122032b0f58cd14fcbabc138d65, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1037968
                                                                                                                                                                                                    Entropy (8bit):6.1425832917819525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:zq/i2tsVb9IguHqF5ibCnggZAzB3nVwaI89a/fiVkV3dmoM75Lu0/7q+DROty7+U:zlgYAOu
                                                                                                                                                                                                    MD5:0440F9D17B8D5E7146C3142B9FE02463
                                                                                                                                                                                                    SHA1:AD2C3331BE3870DB0FD1B95415F264FAF41BCE4E
                                                                                                                                                                                                    SHA-256:621B1106157C24F480BC982FA0F17C54FBB9A3C4EAC4A8757FE5FA5A7A283DDC
                                                                                                                                                                                                    SHA-512:28EDBEB36DADA027F12076C5C4A77DE80C71A45168B5942717E9A24655F18211320C9E06541DECA1094FD73491D14FBDFAE56D9E2C6DB958F5AF564D195758E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1b22c3fd3aab5963a88d50dbe64e8ed98ac20398, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1182112
                                                                                                                                                                                                    Entropy (8bit):6.274424924381429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:1Q2bko87kkcT68x4JdNFVz/j13tkPxqC5OUM/O3oXIZ00hPXHwO:Kt7xlFVrsn5OUMmYi2O
                                                                                                                                                                                                    MD5:DC0A0FA0923FE130265300D2FD0A5A21
                                                                                                                                                                                                    SHA1:147942E568011F41BAB03EFB06B0BEFF41D7290D
                                                                                                                                                                                                    SHA-256:0BE2BD23192BD0726C5754E025688C96E050A72CD77DBEC9CAE3213B3919AC79
                                                                                                                                                                                                    SHA-512:71A05D05B82191A1603D5602C42AEB3FB20DF449AF6A889894814C727845C32C04A8FEFD4B249FD063A7A813E8A491EFB14714509F2481FD151E5EBECFBE30F8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=053f1bb5e7fd9862400c09b65450800fef1af96a, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1377844
                                                                                                                                                                                                    Entropy (8bit):6.410081013553587
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:xdzxS42n7vN02nlcbvTBsRfEI1PPEtimu4uY:xFSCpa57m
                                                                                                                                                                                                    MD5:1EA0228903E7AF6332853658E94A7B9C
                                                                                                                                                                                                    SHA1:727DE04502F0A4FE9A3F4375BD3D729FAC34833E
                                                                                                                                                                                                    SHA-256:3D7F950701098DD8C421A63570948A638068A5E9DEAB248312F96490F81BF387
                                                                                                                                                                                                    SHA-512:8E8C051D4B23BB6878446308D6A8565C57B99BECBADECEBC6BD5A2E0B14D91F4D819FC27008A88D9074B886412043E437999FA07F581F8292A3F00BE90B3C6D2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7289b06ab84351098a1a9d22698830a3601537d1, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1284424
                                                                                                                                                                                                    Entropy (8bit):6.052011079108358
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:7MQsXYgQPC4QM0s5Ry+l0C4btLFRdsR61TdFwa4WCPTOuOuRgNaDjGmQmmGmGnr+:7uXYgQ9l9RyEkRdsR61TdFwa4WCPTOuK
                                                                                                                                                                                                    MD5:5245734608D4A94439A59FE99403AA9F
                                                                                                                                                                                                    SHA1:86162F14A00ECD05738FC946309849059AD62146
                                                                                                                                                                                                    SHA-256:3D889CFDE9F4244E5E9E97EFE6D5FE427C9B8AF0F10AB1EE66DAE3E4F3C2077A
                                                                                                                                                                                                    SHA-512:FEBEFEF4C3AF2A5594E463C23FD39450A9E3E5AB6CC69687BDB25CE47FD1368A3222FFA561899B8AA7610BED8145E2742B59DF1A2DCE8BB45C80852DDD9D2A74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O 64-bit arm64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):82976
                                                                                                                                                                                                    Entropy (8bit):4.14303357236509
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:4pTFE8KPyJ6H9QGPjtQ2uZiuhjW9mcSoezVHxAIDFnboe5ud3y/qtLaXvaB:ChbJKQFW9mcSoezVHxAIDFnEL3LtLv
                                                                                                                                                                                                    MD5:F0A492B6686EA4975AD89D2D3E8FE024
                                                                                                                                                                                                    SHA1:56EE84A0FCF9D2A8E4248ECC264CD25DB0DB4C09
                                                                                                                                                                                                    SHA-256:EEAB239157837163A17D43563BAB90C39869EDA1F94B8FAA2CA67880E65D68AC
                                                                                                                                                                                                    SHA-512:E089D4918D9032E1B0B4F2395640155955F747360A68E5852BE864421A32ED2DB894A6F127E2F61BFCA51487F8B27724B706F5F31C3CCB94429E46D5D2289A7D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48264
                                                                                                                                                                                                    Entropy (8bit):5.160409787073643
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:oAoIi2ie+nKFHA2bqbOVs1o6kkW92bHo2n:AYuKFgPyVs1o6/I2n
                                                                                                                                                                                                    MD5:799475D2756C2E876336FD75B6EB5F4E
                                                                                                                                                                                                    SHA1:9962E738234DB589B58D6CD7899DEF9A16A95C32
                                                                                                                                                                                                    SHA-256:7524E215283058A603276D1904069E1BCB55684EDCCEE64EAAB65BE0C0BF8644
                                                                                                                                                                                                    SHA-512:77323503DF77836947FEFDDBDD8C6D9248198E596E4951C0B06A7FA47BF4AD786553F8FC72A1837694C9857F4DDD112B75CC0C17811FD9A05CE4DC9DB50858A1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48596
                                                                                                                                                                                                    Entropy (8bit):5.1307808791821445
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:awUJhaxWNlEeCCc2E5D/kif5MgZuo6BTlnhelkHACT0bH0:i7NlEeCCc5bkaTuo6/gCTsH0
                                                                                                                                                                                                    MD5:00EC4A8DA3446338AC75C28BDB9422E3
                                                                                                                                                                                                    SHA1:B9C27C37D2436852861DF59F505E0F1C16615909
                                                                                                                                                                                                    SHA-256:F4935B47A7325043B921F0A11DF4F73C25BEE708F70D5D04C31FE75B947284D3
                                                                                                                                                                                                    SHA-512:05EBCFBB2780DD87B30E69126D8BB2C6F9F299F4B38AF506B9D72B01A2AE328470DD53521567BB55F0D4496A5AD62F23622493DEC2E04ABB9B2C9E7975A22790
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):53240
                                                                                                                                                                                                    Entropy (8bit):5.334394277799203
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:5ECMoCoHJbbxMwiXOCZZve+WcZvLCCbQrSoezVHxAIDFnboUkr8I5Yp:DrH/EPmhcJLFbGSoezVHxAIDFnEP2p
                                                                                                                                                                                                    MD5:62D5A28E91D53BA9C3F0F2F724F0DE7E
                                                                                                                                                                                                    SHA1:5FC63AE71388F1E9D6062D0029BB7EC1EFFD67C0
                                                                                                                                                                                                    SHA-256:B4CFCE124F113273F97D390B022F7CEEB9157C890951AD07277D1925C50FE1F4
                                                                                                                                                                                                    SHA-512:E232AB10B79278104B5D46B41CDEC40461D108ED6D1A422ECF34527E508EA14258CA32A7C1B0D160AAABFB40D1FF5A204126655031137672E0A33FA3B64C1B91
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):50832
                                                                                                                                                                                                    Entropy (8bit):5.529104520183272
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:e9jSxSTZyaPkte15iRj2mXSoezVHxAIDFnboxTlxM6VSwbV9TELt:oTZyaPh1cj22SoezVHxAIDFnEgegLt
                                                                                                                                                                                                    MD5:9B45305D59482C723E9ECFACE029C2AA
                                                                                                                                                                                                    SHA1:51FF4D4B8074C7557BC33EF3D8EBCC24EE24505F
                                                                                                                                                                                                    SHA-256:98DC1B4BBFDCD7CA8B26659771A8A4319DCBCC3E3F6F54EE28DC246B8C68CF75
                                                                                                                                                                                                    SHA-512:7D89E6A306B0F86DF40E6C2FCE84D66D3F88EE7DA4E213F5E8FDB9029BB1AFCBDECBEE563CDBC7C6E2CC170D87850CBACD741748DA91F4E530F58C23503F44AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9648
                                                                                                                                                                                                    Entropy (8bit):7.957885621230351
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:267jRSFcvb0Bt73D1eG7eMW10Ct3Oi3qrmxpftEKQAnnyU5VxAN5mlD1AfDQb:2EjTb03D1kv0a3BqCBXxnygbbcU
                                                                                                                                                                                                    MD5:3824F0C32D238E438CD1C3599957B36B
                                                                                                                                                                                                    SHA1:5E7DC61846CDD9B76DB99C6AB9172C3DDD41BB85
                                                                                                                                                                                                    SHA-256:FC6F0B7F36253F9699EBB6439BF9ECDB26A78623F526B6C079E619188E60D372
                                                                                                                                                                                                    SHA-512:3F943A1FB8845E66801B2287D87189C4EF4EDD81DD0E82D2CB42FC0941ADAAC2B39978CB19B9197CF8C7F6C6D3BE88CEEB0474EAB98BC2BCD45EA548FE5AD898
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):155680
                                                                                                                                                                                                    Entropy (8bit):6.860613706831841
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:RJy4rcuFyICsnUL/DbBqdLufa4jggZKDTty0ACNJhACN7MACNJyACNJTACNIACN6:RJLIufC/DbsMNKDTty0FlFmFWF/TFGF4
                                                                                                                                                                                                    MD5:E6D42C11F69732831860A5EEEFD510A1
                                                                                                                                                                                                    SHA1:2ED5ED3AF36F5D9F4F98CC0A1FD8D68D11763FF2
                                                                                                                                                                                                    SHA-256:681660E2A0B47BB4A54EBB953898A6C516A0BCCCF2005D89B3188FB458A4B796
                                                                                                                                                                                                    SHA-512:DC802F2A6D3C6F685380DB2A325B1FE662F5C4EA3448E4EBFA9ED40B9D6B15D2141534DBA2D7C2E787F7A5DFC78797C7B7FB112B8C0C0FAC3741D713F39B9021
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Mach-O universal binary with 3 architectures: [i386:\012- Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_HEAP_EXECUTION>] [x86_64:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>]
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):83491
                                                                                                                                                                                                    Entropy (8bit):1.1362944712501635
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:B5HCsKpcEqHlyCAEtUtPqSh4HyQe6ux5eLQqfwyj3:zHxKalQnEtoh4SQeLOT
                                                                                                                                                                                                    MD5:FADA5F3DAF579E2076C0A19FE66A8AF0
                                                                                                                                                                                                    SHA1:8D23D531A728A2AACB158ADCD4E8A1C5BFC60288
                                                                                                                                                                                                    SHA-256:8A1BB52D377BCEE8C19712DC500D685CFB02859E703436C77E41DA86EA08B923
                                                                                                                                                                                                    SHA-512:505029C1C60C0701EF008CDD22A7F0E50A53E5279A4E12CD07631BAED21B3BAC3CDD23C69062AD0B31D518AD8979A74F669C8D658FF6D10C6DAC6DC9B1DAEB4F
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):179544
                                                                                                                                                                                                    Entropy (8bit):7.391459909684556
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:M9PL3SF2lnnI5CHSjE6/Q9rrM0rrV9r49rU9r09r/trqtrrFyFt:+L3SF2lLHSA6I91Nuye9EFU7
                                                                                                                                                                                                    MD5:D4056204BF0D116AAF2549BC711DE12D
                                                                                                                                                                                                    SHA1:1BB721336A2CC70852BEFFC1F6F8E09EC8EC4863
                                                                                                                                                                                                    SHA-256:E0DAF41E7A7AFA11E1331CFDF9EF4242C8BD0A661EB8191FF8621F5759235F5C
                                                                                                                                                                                                    SHA-512:CF0CECE5DBDCAB445B8AA43AE179C136D8925A4C40BA6F5A499D6E3182F1F05FF2C8A9D64BD38D709BD47951E70505E964A4654AE37558A995BC5DC1C3419CC3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.0, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4201
                                                                                                                                                                                                    Entropy (8bit):4.529965685444786
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:fjB5NQRI5T3KEAzkfdR9EJLV2AUEqoeerrer7t88iAUfZ6cLZzqXoHsnHc3N:fjB5NQGRKEFFRa/HqdAZ6CtqXoHsn89
                                                                                                                                                                                                    MD5:8F4229C6CB9A85E0B7D920DC59F8D2B8
                                                                                                                                                                                                    SHA1:7ABC79FE2BEED94157F75D6749CB6B580278750A
                                                                                                                                                                                                    SHA-256:41E033CE02975BE4776D49F10ED7C4A08CFDB65781C16EEB6EF8053557BAF0F5
                                                                                                                                                                                                    SHA-512:53625701512E2366CF49DD0EB80AC31650C679F35B39CF99CEC7822741D5081ED320FE5614A8BBB16696A6461B655A88921AD53F5E4DA48746910FB0F9EDD2CB
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.26, BuildID[sha1]=507685fb8feca3723270b8ae80547d48f9b62d70, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4135
                                                                                                                                                                                                    Entropy (8bit):4.292421294736594
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:oUjrxt5zZlO1xBpL00OrXKQxMhZwOZyOV27Elt8EXAOXI0/al2e/X:5XxbExL+2Qxo2OZyt7ElvXI1l2IX
                                                                                                                                                                                                    MD5:D27AC5186A97F7BAFBF01F7CA53397AD
                                                                                                                                                                                                    SHA1:211E7F2B78058D49474AD7A8BCFCA8A0BCD83BA7
                                                                                                                                                                                                    SHA-256:37B4E5D984B9B37DE59C29EC5B3AD4A3D411D334B1CFB83BB8B2980875AA4194
                                                                                                                                                                                                    SHA-512:5B1AE27F98C964F83FDE14519E6F20AD196B917B85E7F1069F6BDD11ACFD97A04086B39BCAE2AF741264C5DF81FC6E8910CF3558771F09E240944C12AD0BBF68
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.0, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6137
                                                                                                                                                                                                    Entropy (8bit):3.548122261886767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:GMTlAgEM2IlJ176lstScR94vs2Tk9azneUCB:GM5AgEM5JIcv4vs84
                                                                                                                                                                                                    MD5:63F0125B81804B57F8DB4157B976FA64
                                                                                                                                                                                                    SHA1:26ACCB2F7ED0FB46977E74C3D8C6929154E48255
                                                                                                                                                                                                    SHA-256:C007640ADCE86240954BE49AA57634D60BC5DF6ED3912A38224A665EB555CD78
                                                                                                                                                                                                    SHA-512:9B0DC1B4C8EE10014BEDDA43BE1B4B26F219369A1650716866C71597F7E1C19581062CBF5B21A057312E697EEB4316ECF020023A06F07164F678262730060110
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=431f525625c5beb4fbfb109a08b2d73fdc6852ec, stripped
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6192
                                                                                                                                                                                                    Entropy (8bit):3.4472228175949953
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:y7U3EB+BtTpFh6hSaANDCs8rDc3MLcT6Lca9yt8nsjd0A28ZJa79:y7FB+B9h6hK+rEij4acSAG8ZJa79
                                                                                                                                                                                                    MD5:669C99D4FE8392182D713840B78C3AB4
                                                                                                                                                                                                    SHA1:2C94ED335CF7AB85761056562588A842214C93DF
                                                                                                                                                                                                    SHA-256:DB837AFF5CC099281D2BC82B5FFF6E2CE6327E9AC8BB6B8BA1DB32DDB653E72C
                                                                                                                                                                                                    SHA-512:DC83CEF921E07F6D86BC442DF3E0976FCC7E5DE6E37AAF7BFB777045A4DD0B14069345F59897051C1A3654DF0CB022DEF72BADC3246520EEC7D403827B1C65FC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):79144
                                                                                                                                                                                                    Entropy (8bit):6.589693242148884
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:WxfqwmAlBaGbgVVlHXvHqf1B78bCP0DrRcSIq0ti+pWi2kNlTiPpWi2kNlTyEL:af9mWsvHqNOCPqW3ti+ACNiPACNxL
                                                                                                                                                                                                    MD5:CECCE6931ED84AB2ED40F8E5DECC4251
                                                                                                                                                                                                    SHA1:35C7054D48E22DCA205A3972781CE8258D27A7D5
                                                                                                                                                                                                    SHA-256:56D80D5FC71D84B0B5106D65962ECC080C6677B18E7775907B884494AAB83065
                                                                                                                                                                                                    SHA-512:3432E11055197F2FAB4A09FB02FA80C7D61FB286BF9CEC9292405DAFF5EB2AAE296167ABC008B21B368C61E2FF12425639725DE273DB036A8A4BFD397D853F18
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):86312
                                                                                                                                                                                                    Entropy (8bit):6.5151975592149105
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:6YEl5cHVzffe7LXUj4SFyoBrUL3XXTACNFACN6/:6Y6KHVzffe7LXmF7BoLHXTF/F8
                                                                                                                                                                                                    MD5:7B2761CC6ED64D67C359E4646FFA46AD
                                                                                                                                                                                                    SHA1:94547208C2DA3FE8FE47881C1351A1DEBB0E1D4E
                                                                                                                                                                                                    SHA-256:6A979BF308BACAE11F62C84A0AECB36823CF0B47ECD47F67A41BB66DD5A55078
                                                                                                                                                                                                    SHA-512:07334F8F69E9CA1BB6373D94E92DD181FEA2FBBCE9CD2BC8DE2FA7D338E096B423946E6E621502EF2FF1FAD1F73EE20E17B3D9D31FE62F83D4063FA1B90CF60E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):215245
                                                                                                                                                                                                    Entropy (8bit):5.311440994454596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:KuA4CNFYL/lQYXJS9/4KwKWevH+QrGjmv/m4K/5Qzi+EuEna6tVwTYi8L2E6LGcJ:1A4CNFxV/KjeqnrtOYmEWURtcX
                                                                                                                                                                                                    MD5:D9E28C4590DDBB77E5C41AF8AC83B7D3
                                                                                                                                                                                                    SHA1:6209A64196AC4F7DE2CDC8FFB72F7851145D5B65
                                                                                                                                                                                                    SHA-256:1864ECCECC32DF05602BBB246DFA83B63C84D4751240A4C3A3EB0BB4D8E7D317
                                                                                                                                                                                                    SHA-512:284525249517CA3ED6BA67E33E5C9E76967AD42A4E67786B921B028B54877615CD4AE462D2E46775D6D7B912372192039262B1D87098CA9DF202205C37698663
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.########################.# DO NOT TRANSLATE.SIMPLEHELP = SimpleHelp.SIMPLEHELP_HELP_VERSION = SimpleHelp v.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.########################.POWERED_BY = Leveret af SimpleHelp.POWERED_BY_TECH = (Supporter klient).# Tech Client Login.SERVER_USERNAME = Brugernavn.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Hostnavn eller IP.SERVER_PORT = Server Port.SERVER_PASSWORD = Adgangskode.# General.Company = Firma.LOGIN = Login.EXIT = Exit.CONNECTING = Forbinder.CONNECT = Forbind.KICK_USER = Afbryd.TERMINATE = Afbryd.KILL_SESSION = Afbryd.WAITING = Venter
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):234166
                                                                                                                                                                                                    Entropy (8bit):5.315220143568042
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:ikaVrUB/CPTfrmAV9MD7FzMRNBgWKI4UJbObvKtwa28:ikaVAFzVGwa28
                                                                                                                                                                                                    MD5:13EA68A15A63CCD7F64516476BBB8A0B
                                                                                                                                                                                                    SHA1:1FCBE2CA4207F410BBF71C7784C00C4718E65121
                                                                                                                                                                                                    SHA-256:813C5872E299449BCBE46697003F1CC728660D9259AB7A4D4B24F3033DC1E64A
                                                                                                                                                                                                    SHA-512:F68E7CA644E354AD13D51DF41BE63C878286CE028700CCF6113FBD9E9F919CF54E4A8E159B9AC2100BE5B758D91D0E43A97097D77F0A24AA012924393F2E3F00
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - German.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Powered by SimpleSupport.POWERED_BY_TECH = (Techniker Client).# Technischer Kunde Login.SERVER_USERNAME = Benutzername.SERVER_LOGIN = Server-Einloggen.SERVER_HOST_OR_IP = Server-Hauptrechner oder IP.SERVER_PORT = Server-Port.SERVER_PASSWORD = Passwort.# Allgemeines.Company = Company.LOGIN = Einloggen.EXIT = AusgangLizemz.CONNECTING = Anschlie.en.CONNECT = Verbinden.KICK_USER = Beenden.TERMINATE = Beenden.KILL_SESSION = Beenden.WAITING = Warten.CONNECTED = Verbunden.OK = OK.CANCEL = Abbrechen.ACCEPT = Akzeptieren.REJECT = A
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):216899
                                                                                                                                                                                                    Entropy (8bit):5.240025743986884
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:Y69qsnCk4aoCw6Nl/KfmroAE+OVmdDc8bhXaTRrR3o:DqcFYrNo
                                                                                                                                                                                                    MD5:E4B3483826661C3D5430379904E4465C
                                                                                                                                                                                                    SHA1:84A87C610DE3D618BA9B399E1A06674A589ED8FD
                                                                                                                                                                                                    SHA-256:E2AEFD0B08FD3D8F2D4B2F9F941CD4D19D8855A3602D7B7806BC0ABD192192E4
                                                                                                                                                                                                    SHA-512:57AB86269823D48CC5CA39E3BFA2E4C3F6D6B8292DA2B34050077936784F852EE9645B1088975BB3840FA48EE413BFE73ED65E2CE59650B5BB2793BA18003921
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - English.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.########################.# DO NOT TRANSLATE.SIMPLEHELP = SimpleHelp.SIMPLEHELP_HELP_VERSION = SimpleHelp v.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.########################.POWERED_BY = Powered by SimpleHelp.POWERED_BY_TECH = (Technician Client).# Tech Client Login.SERVER_USERNAME = Username.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Host or IP.SERVER_PORT = Server Port.SERVER_PASSWORD = Password.# General.Company = Company.LOGIN = Login.EXIT = Exit.CONNECTING = Connecting.CONNECT = Connect.KICK_USER = Terminate.TERMINATE = Terminate.KILL_SESSION = Terminate.WAITI
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (315)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):235027
                                                                                                                                                                                                    Entropy (8bit):5.219843432808848
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:2WjIv6aOALSm+eBP0KMf4PMLmu+KsgnYd/155H15NLR13NqI0x7vF:vj7wu+wcLRJ0H
                                                                                                                                                                                                    MD5:A45D7E08349A42329A3F9447F490FED2
                                                                                                                                                                                                    SHA1:00573D2299D4C6AD9F15FB27745269337565A9C2
                                                                                                                                                                                                    SHA-256:706389543C412990812745BEB9C8EC5A70FCB3B0F94C12B9FBF1E6D8DB2E371A
                                                                                                                                                                                                    SHA-512:61F32E6E3B8A600F99B01A98297DAA2DFB24E8548D01121E9EDF3B5F155B32D9E3443C944AB096DD2980D773393781EE1B654071B73562A49216BBAE5ADD51CB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Provisto de SimpleHelp.POWERED_BY_TECH = (Tecnico Cliente).# Tech Client Login.SERVER_USERNAME = Nombre.SERVER_LOGIN = Servidor Conexion.SERVER_HOST_OR_IP = Servidor Nombre de Dominio o IP.SERVER_PORT = Servidor Puerto del TCP.SERVER_PASSWORD = Contrase.a.# General.Company = Compa..a.LOGIN = Conexion.EXIT = Salir.CONNECTING = Conectando.CONNECT = Conectar.KICK_USER = Desconectar.TERMINATE = Desconectar.KILL_SESSION = Desconectar.WAITING = Esperando.CONNECTED = Conectado.OK = OK.CANCEL = Cancelar.ACCEPT = Aceptar.REJECT = Rechazar
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):242677
                                                                                                                                                                                                    Entropy (8bit):5.269203032764692
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:I0kp9lPhiTTZaVuLCn/irMVpV3Sg9AnOPUl2Us+TF5NBHCn:I0kp9lPhibC/dMlpFHBHC
                                                                                                                                                                                                    MD5:01D3A06E92F2862FA3CEE820B8ED821A
                                                                                                                                                                                                    SHA1:D08E6F017B03CEC105B5E063DC5558E2C571EE95
                                                                                                                                                                                                    SHA-256:28ECD630F1EDC0FB459DE65810BA7FD073F2FFF669C3B7A84E8FAC2BCDDE54F6
                                                                                                                                                                                                    SHA-512:12317066A1B3143C5E50E92279C4B8498F857A383D05E95CC95DE8013826A4A3B25C4F4AA2F84BA63D2C154B2D74BEAFD9DBA05B5C9C4B0DD35D16A1309E559D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - French.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = .dit. par SimpleHelp.POWERED_BY_TECH = (Client Technicien).# Connexion Client Technicien.SERVER_USERNAME = Utilisateur.SERVER_LOGIN = Acc.s au Serveur.SERVER_HOST_OR_IP = Adresse h.te ou IP du Serveur.SERVER_PORT = Port du Serveur.SERVER_PASSWORD = Mot de Passe.# G.n.ral.Company = Entreprise.LOGIN = Se connecter.EXIT = Quitter.CONNECTING = Connexion.CONNECT = Connecter.KICK_USER = D.connecter.TERMINATE = D.connecter.KILL_SESSION = D.connecter.WAITING = En Attente.CONNECTED = En Cours.OK = OK.CANCEL = Annuler.ACCEPT
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):232035
                                                                                                                                                                                                    Entropy (8bit):5.184561521854242
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:45gTAzTV66uU4vN77jFCMzjKx0Z8EtktYcJwYKvszf:YzUdv8
                                                                                                                                                                                                    MD5:9329D562181CD3E575FDA48C92BBD922
                                                                                                                                                                                                    SHA1:1DF9DF555AB9808D539103846D4BF979C3411EDA
                                                                                                                                                                                                    SHA-256:5636A90FE3F7E6F46211A914721E6E89E16FF2A72AE0E7DDB3356961A7E0B45A
                                                                                                                                                                                                    SHA-512:EA7DA25017925B2959A08CE16BF6A9887008ABC627728AD8B29324F5B3644186CA7B4217BF320128F530C3ED722D760FA953FC211BD24044AF8EDCB81EA5B31A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Italian.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Powered by SimpleHelp.POWERED_BY_TECH = (Client Tecnico).# Tech Client Login.SERVER_USERNAME = Nome utente.SERVER_LOGIN = Login per il server.SERVER_HOST_OR_IP = Hostname o indirizzo IP del server.SERVER_PORT = Porta del server.SERVER_PASSWORD = Password.# General.Company = Societ..LOGIN = Login.EXIT = Esci.CONNECTING = Connessione.CONNECT = Connetti.KICK_USER = Termina.TERMINATE = Termina.KILL_SESSION = Termina sessione.WAITING = Attendere.CONNECTED = Connesso.OK = OK.CANCEL = Annulla.ACCEPT = Accetta.REJECT = Rifiuta.RE
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (305)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):226220
                                                                                                                                                                                                    Entropy (8bit):5.233290818582553
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:KIyJhoTNU3m0u/uHx85sZHUXHTL7W2Ra59FB6pr0iP1j/aEvlYVND1Nr1Izr2tV9:vGbc5GiP1jBlVasrNzrJ8G3K+TgjIM
                                                                                                                                                                                                    MD5:3365EB8CBD8ABAB73EDF2D60CF15398E
                                                                                                                                                                                                    SHA1:EC96024C80064B3573F2FF864B30FD2BB84ACE06
                                                                                                                                                                                                    SHA-256:C1F3CABC945E03F993B5E04A1E79AEF12A939614CF0262323F574F9BEFB40E70
                                                                                                                                                                                                    SHA-512:7BCD015A18E50532CAE1973D6587CC9D6DEAF9F9527AFFF4C32FED5F849C7E0CE63A69399F4CCD4243D8491EDCCFEEC080FF148F9B3664555B343BD9E1E94E74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Dutch.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Realisatie SimpleHelp.POWERED_BY_TECH = (Helpdesk Client).# Tech Client Login.SERVER_USERNAME = Gebruikersnaam.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Host of IP.SERVER_PORT = Server Poort.SERVER_PASSWORD = Wachtwoord.# General.Company = Bedrijf.LOGIN = Aanmelden.EXIT = Sluiten.CONNECTING = Verbinden.CONNECT = Verbind.KICK_USER = Be.indig.TERMINATE = Be.indig.KILL_SESSION = Be.indig.WAITING = Wachten.CONNECTED = Verbonden.OK = OK.CANCEL = Annuleer.ACCEPT = Accepteer.REJECT = Afwijzen.REFRESH = Vernieuwen.PU
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):233015
                                                                                                                                                                                                    Entropy (8bit):5.29031953243118
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:7goIk/KIC8Jy3IQb0YexAb3Txm1noBGh0YXcDQrtwdAUKO4ShqFnfVfvHLvljx:8oIQ1oIqq7vrNjx
                                                                                                                                                                                                    MD5:AA82474D04897DDC092FEC4235CB86C7
                                                                                                                                                                                                    SHA1:42E52D70A72FEE18CF89568D9CA61248ECB26597
                                                                                                                                                                                                    SHA-256:C11845282752EEC46901CED02FB7D016BCBCED1A95A0FBC371BBD07BE9F11AE0
                                                                                                                                                                                                    SHA-512:3604288BDD126C9B104992C8C36508181ADEF7678D3BAD027F6477E97430C65B8B72A1609FFA1357DC3890D212F9D0A5CEF4D094464E6D6E14D4CB137A8C21BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Portugues.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Produzido por SimpleHelp.POWERED_BY_TECH = (T.cnico Cliente).# Tech Client Login.SERVER_USERNAME = Utilizador.SERVER_LOGIN = Servidor de Conex.o.SERVER_HOST_OR_IP = Nome do Servidor ou IP.SERVER_PORT = Porta do Servidor.SERVER_PASSWORD = Palavra-passe.# General.Company = Empresa.LOGIN = Conex.o.EXIT = Sair.CONNECTING = Conectando.CONNECT = Conectar.KICK_USER = Desconectar o utilizador.TERMINATE = Desconectar.KILL_SESSION = Desconectar a sess.o.WAITING = Esperando.CONNECTED = Conectado.OK = OK.CANCEL = Cancelar.ACCEPT
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):217363
                                                                                                                                                                                                    Entropy (8bit):5.371991557783809
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:KDP4/mxznPfWGjuY/jjHUZHqW76tvshbHJ6+l+H6LQUYWU+0Sx/2fHL+lDAAhDrJ:o4/SuqwV6shvhuPL+yYrZrVROnYR
                                                                                                                                                                                                    MD5:0A7F5E03426A22152416B67240F78101
                                                                                                                                                                                                    SHA1:56BE521DE9960BF69902F40CA1D3F92E22AFEF72
                                                                                                                                                                                                    SHA-256:331CE6D61A333B6EBFD0C9F3B46E25A88EC17960EBF1FE4BDF72CBA99111C0F6
                                                                                                                                                                                                    SHA-512:10503E5F3645EC024C9C84C6C9B4D1EDACAEA497F6266BF0CD9323B0D8789EB3E182C628E3ACAAAB21ACD206985FBE0E57E446BE3AE61E5651834EFCEE0759D8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Swedish.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Drivs av SimpleHelp.POWERED_BY_TECH = (Tekniker Client).# Tech Client Login.SERVER_USERNAME = Anv.ndarnamn.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server V.rd eller IP.SERVER_PORT = Server Port.SERVER_PASSWORD = L.senord.# General.LOGIN = Logga in.EXIT = Avsluta.CONNECTING = Ansluter.CONNECT = Anslut.KICK_USER = Avsluta.TERMINATE = Avsluta.KILL_SESSION = Avsluta.WAITING = V.ntar.CONNECTED = Ansluten.OK = OK.CANCEL = Avbryt.ACCEPT = Acceptera.REJECT = Avvisa.REFRESH = Uppdatera.PUT = Skicka.GET = H.mta.DELETE =
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):136616
                                                                                                                                                                                                    Entropy (8bit):6.48208955998323
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:rpxPQy6KFzSmgYiZewzxDgu0JDPlRyzsnTERA0Cr4/V1yzB6lhEJACN6ACNM:rpxNXStgDPzUjCr4nyzB6lcFIFi
                                                                                                                                                                                                    MD5:075190B9E9D22995B054D00BAC6D32BF
                                                                                                                                                                                                    SHA1:2C49B7441B27FE857A33762170958AFC72F2AC87
                                                                                                                                                                                                    SHA-256:510221064E8AEE73189621AFBC2CF3E1FC55377D13A20EF5C379EFAC51556FD0
                                                                                                                                                                                                    SHA-512:D83583515D7B4523E26C170016BA57AE62EE64EEF81D3A0851548804EA25A3F004FEADCCA9C365AC26398FFFFCC4971D8B61A644AC810A5CE780F3793B880DE0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):160168
                                                                                                                                                                                                    Entropy (8bit):6.5191234665690025
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:nwwPgcmFa8t0qeQOS9EGyFwOp27S7OHiZOqSgku3Q2Grp8G62sqJxFrFV:nwYgtaS04El4G7CiZO0m62sWNv
                                                                                                                                                                                                    MD5:36EE3E5CF41FD6F4CB339BC62A469A2F
                                                                                                                                                                                                    SHA1:75AD36162C7513CE74D74742AB3D19474DFB6FC5
                                                                                                                                                                                                    SHA-256:BCEFF8F6F439AE671993233C44E40A9DCC63CBA05D9E43B9F9FDAF39FD20777E
                                                                                                                                                                                                    SHA-512:4FDBDEA505FB8AAA68AB01C87094DDA1CAF3BAA59E006086112B1B99E7E5F5E1E21A9BAD282E6548B182003B6C354C1251AB87AF2E2692214E50E0FE68161816
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):202136
                                                                                                                                                                                                    Entropy (8bit):6.575721516742258
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:aISZX22f4Ut6YCRqcdzUBcMmtNu69P/7CSFpyXzSJLNhkFuFU:atZG4t0MBcbNuc7Cd2JZhko+
                                                                                                                                                                                                    MD5:1065756574431B40190427B3047B4E73
                                                                                                                                                                                                    SHA1:DCF85749BBBDE937E7BBB8774CB9C6B1AFE6C87B
                                                                                                                                                                                                    SHA-256:193E5FC5E00AD5494119B99A9526047839A391BF4998F27E25BA6715AD870473
                                                                                                                                                                                                    SHA-512:3AE69A06162B14CC0C16F6202BF6AF6CEB5286AA4EAF46A8FA15CF88A7F4D84AE017DA10DB2E567E005945EEFFD091C85239D1AE2A5776EB25D7B4BADE76D099
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):235928
                                                                                                                                                                                                    Entropy (8bit):6.527870095210602
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:zYQVqceOGvd9raXEdM5YaT8fiwp4ub+ia6+N5Q4JYrZOqCVUYCP8bCu1aYpypVmK:zYesO4rs5Y4Cv+3yrZOJGybCuRWmNEv
                                                                                                                                                                                                    MD5:80B30E2AD89622349C398EA52287FC93
                                                                                                                                                                                                    SHA1:A006731028AF004F1942B35B6021AA381445B3C3
                                                                                                                                                                                                    SHA-256:C994CBC5FBE807926F38D330DE8BC1FA9A0785DA72A0CA821DDCFC0968130A4F
                                                                                                                                                                                                    SHA-512:DA7D2CAB04CD607CBAC32EB4F930717DB549B472FF58F2DAD44882ED00406B908F445C40EDD5A8C8A1150AB10FA696682B723F77712FED53A96989051A781F7E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):91520
                                                                                                                                                                                                    Entropy (8bit):6.314490097655163
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:qZ3RVBlbGofPuNP2t7pNLntqkJoY4ACN7qACN9:qVio+Et7pxtRijFJqFf
                                                                                                                                                                                                    MD5:46EFBAD2120884049C6BD795C4EB75D5
                                                                                                                                                                                                    SHA1:6FC7EE38EF6EB20292436201A1B5D4A95639CB40
                                                                                                                                                                                                    SHA-256:010D8DBB0F9AB714EB2BD01BCD394E0DF274C14BB2217DFCC5C1F24CF9F94B7B
                                                                                                                                                                                                    SHA-512:1CE54214CA9A1E4DFDEA20EA15AA64CDCF62113D86A0A77E7DF50918A0268FC75618DB18070CB0EDC2EB6FAECE79503A2F678FA12920B0385C9D0C2518EDCD7C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):93056
                                                                                                                                                                                                    Entropy (8bit):6.492812378072843
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:uNeDYmcgg/aivQfeHm5ne/7d74kpYAsACNIACNM:uNeDYmci2QfeHm5e/7d74kpYAsFKFW
                                                                                                                                                                                                    MD5:BBACA90E7D1C4605BA4B27E4246F850F
                                                                                                                                                                                                    SHA1:5529A7B5076E2139AFD74160922B9D28E83F3D9A
                                                                                                                                                                                                    SHA-256:F3A610E5E029FF3BAA9333870EBE2D5B644A5E7176DACBEA2B7829636A0FF3FF
                                                                                                                                                                                                    SHA-512:AE647236FBF8B2E281E64F4C1F334176E2184CA847B655B94915F99CA7B8D3000E326AE90E28C43C89BDC83FB3789067EB7A1B7CFCFCE4CFA9C19AD8264FE242
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):193408
                                                                                                                                                                                                    Entropy (8bit):6.6294545749017155
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:cDIlfuQwh9tc1Mz0m+akq7Tdz7TVtae0+urC1ybmq+HvWhd2PIaOb4SjRFBFq:cDIlfCf0Jad7TkPaqonPtTSjRv8
                                                                                                                                                                                                    MD5:FD2ACB8138631023A138A0BA7414B71B
                                                                                                                                                                                                    SHA1:4F274BC4ACB50655B3A6A0E8165FCE5077EB9093
                                                                                                                                                                                                    SHA-256:FAB448B0CDC63F546D5FEB50EF38A1F13D3891C1702481E56AB90D32FF679D31
                                                                                                                                                                                                    SHA-512:BE85FADD4602D388CE0AA717F9A07592FD70B24E1E2F9E83162B6F00B37482E3F754DA08604A9F031475D146D3BB060FFF75F4497BBD9943F047D356D61D6B12
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):225664
                                                                                                                                                                                                    Entropy (8bit):6.186998801398434
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:Qzlgi1AArqtzKTu9OXrYgLbtzZVrDMhD641bF1fbN+vr0h1rT8pqTsj/FxFD:QztnrizKT1YgN/rDceIpArkT8ATM/Xd
                                                                                                                                                                                                    MD5:176324A6B527023B441E9EB563C43E3F
                                                                                                                                                                                                    SHA1:4D0FCA8700A402FA8C396F952492A26EC57AC784
                                                                                                                                                                                                    SHA-256:6F4103BE88C0C638A191556AB6CDCBBA5BBA785FBB28AA90C4C389E076A89F13
                                                                                                                                                                                                    SHA-512:03D7B8F1E8E3909031924072AF0231E00C49DFCE58FE0BD2807D6CF9ECA075C04D457D4F04BAB1A8FF1DAC1100709846BD074873A4250AAD94DF195DC1419EEB
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):247680
                                                                                                                                                                                                    Entropy (8bit):6.636513662205058
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:bc1snP6qHJLLVQpmiwZE1pw3SgqcoSR5Uc/kJ:bc1sP6oZGpmiwZE1gS47UcU
                                                                                                                                                                                                    MD5:39AF70F76825599C0BFA21F2C1D3E0DA
                                                                                                                                                                                                    SHA1:318EB5DF33434376B24A8E731E8CE522157C29D3
                                                                                                                                                                                                    SHA-256:8DF867CA5093762E3EC30B91D05F13BEC568E19BD22FF01C88CF3325C46E8F3D
                                                                                                                                                                                                    SHA-512:CD23E27E7BDE19DF4E7C0A65EFD9465C1C7019D150ACE1D2B373A69E39A0A32D2060B68C6B25C849C4FAAB857EA1634794C76EB11CB0015EBD0D718F42BC6E75
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):292224
                                                                                                                                                                                                    Entropy (8bit):6.264531285306189
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:fJ3xfuRV+6fKASzOjTbD4HT+Ur169l5cCf34b1N10XO:kSASzcTIk7p2b13
                                                                                                                                                                                                    MD5:9C14E5ACE445D2AD1570F42C42D3F5C9
                                                                                                                                                                                                    SHA1:0156D4357D2F0DAFFE4084988DB63D81AC152CA8
                                                                                                                                                                                                    SHA-256:46F7A0B475868696E0AD7E26AB6CBBCFDE2FCD33CF8455C9A690F4E85B12B284
                                                                                                                                                                                                    SHA-512:B39CA9D63C9B775E6C344B2DE13D67AE2525A8D3BDB65C620011EFF439C1FE7EA5D010F9DB8A9E56CC2CFE9870A524E7A45BFB41CB6483A1BA9FC4DA0A457DE4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1522
                                                                                                                                                                                                    Entropy (8bit):4.747042537008044
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:b0fFDmMbmRMAOJDcJb3W2zeD34eXqC/5Wx/kaRilV8hWrwr1:b09PbmqAOJIW2KT4eXqC/5WFkaEQW8Z
                                                                                                                                                                                                    MD5:D94F7C92FF61C5D3F8E9433F76E39F74
                                                                                                                                                                                                    SHA1:7A9B074CA8D783DBE5310ECC22F5538B65CC918E
                                                                                                                                                                                                    SHA-256:A44EB7B5CAF5534C6EF536B21EDB40B4D6BABF91BF97D9D45596868618B2C6FB
                                                                                                                                                                                                    SHA-512:D4044F6CEB094753075036920C0669631F4D3C13203CAF2BEA345E2CC4094905719732010BBE1CAE97BC78743AA6DEF7C2AA33F3E8FCA9971F2CA0457837D3B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.OPENJDK ASSEMBLY EXCEPTION..The OpenJDK source code made available by Oracle America, Inc. (Oracle) at.openjdk.java.net ("OpenJDK Code") is distributed under the terms of the GNU.General Public License <http://www.gnu.org/copyleft/gpl.html> version 2.only ("GPL2"), with the following clarification and special exception... Linking this OpenJDK Code statically or dynamically with other code. is making a combined work based on this library. Thus, the terms. and conditions of GPL2 cover the whole combination... As a special exception, Oracle gives you permission to link this. OpenJDK Code with certain code licensed by Oracle as indicated at. http://openjdk.java.net/legal/exception-modules-2007-05-08.html. ("Designated Exception Modules") to produce an executable,. regardless of the license terms of the Designated Exception Modules,. and to copy and distribute the resulting executable under GPL2,. provided that the Designated Exception Modules continue to be.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):552
                                                                                                                                                                                                    Entropy (8bit):4.7745662333200345
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:MiupB7xGXmyFo0U8hawEQ7CxGK2omrmBs2pBQRJ5dqI06q6lCH/:MPD0XlEQaLBszR906qp
                                                                                                                                                                                                    MD5:C5487E4061809B89C950DFAD70912B82
                                                                                                                                                                                                    SHA1:E8F513239CAAEDECDC91223C39E786710204C2E8
                                                                                                                                                                                                    SHA-256:18111D961876128ED662C9E730A4164A9FF5FD902E47E50FCA54A55B96933E4B
                                                                                                                                                                                                    SHA-512:3611A48E5C19A7B2181401AA22692260BA57629120D53823A1B403DB44869E6959AB2D7EE7417A369825033F00252EA47D9C2988E6D4BA1474A716C013252AA8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:A .Classpath Exception File. means any source file contained in this distribution which contains the following words in such file.s header: .Oracle designates this particular file as subject to the "Classpath" exception as provided by Oracle in the LICENSE file that accompanied this code... .Azul Systems, Inc. hereby confirms that each Classpath Exception File is subject to the clarification and special exception to the GPL that is outlined in the accompanying LICENSE file (under the heading ..CLASSPATH. EXCEPTION TO THE GPL.)..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2758
                                                                                                                                                                                                    Entropy (8bit):4.991999130939829
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:eYeKDiBt09PXNQ3acb4TTBmZEGIRS1pp4DeL/hDV+TwGYCTssZ8Vv9sdZjs3cpb6:eMDinKNHBaPH1/pGYmZ8V/cRqnP
                                                                                                                                                                                                    MD5:57999502B1B260B46C8AC67368E54565
                                                                                                                                                                                                    SHA1:182DC12C9C157ADF50DF713CB5519C9A83AFD313
                                                                                                                                                                                                    SHA-256:25D1A025FD194F671FBFF4B855A744C2CB902330856878EE3615575B8C2D8B04
                                                                                                                                                                                                    SHA-512:AAA0F6203E0DEE8BCCDD17A6C212E9CF8BAB408B78A2D6498A20D8D5157DCBA8C88344315EA4F789A26CE53D10825A21DE9689E9456639471AF9E3DDE3214486
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:The copyrights in this software and any visual or audio work distributed with.the software belong to Azul Systems, Inc. and those included in all other notice.files either listed in the readme file or contained in any other included notice.files with this distribution. All rights are reserved. Installation of this.software and any Azul software bundled with or derived from this software is.licensed only in accordance with these terms...Provided you have not received the software directly from Azul and have already.agreed to the terms of a separate license agreement, by installing, using or.distributing this software you, on your own behalf and on behalf of your.employer or principal, agree to be bound by these terms. If you do not agree to.any of these terms, you may not use, copy, transmit, distribute nor install this.software...The software is developed and owned by Azul and/or any of its affiliates,.subsidiaries or respective suppliers and licensors. The software also includes.certa
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19274
                                                                                                                                                                                                    Entropy (8bit):4.667864876938965
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:sY2fSz/rGvS/66YsaZdIP3Lf4vAkMVhPGkupdDdicW:7vuvVmjkbylupdDdiZ
                                                                                                                                                                                                    MD5:3E0B59F8FAC05C3C03D4A26BBDA13F8F
                                                                                                                                                                                                    SHA1:A4FB972C240D89131EE9E16B845CD302E0ECB05F
                                                                                                                                                                                                    SHA-256:4B9ABEBC4338048A7C2DC184E9F800DEB349366BDF28EB23C2677A77B4C87726
                                                                                                                                                                                                    SHA-512:6732288C682A39ED9EDF11A151F6F48E742696F4A762C0C7D8872B99B9F6D5AB6C305064D4910B1A254862A873129F11FD0FA56FF11BC577D29303F4FB492673
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:The GNU General Public License (GPL)..Version 2, June 1991..Copyright (C) 1989, 1991 Free Software Foundation, Inc..51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA..Everyone is permitted to copy and distribute verbatim copies of this license.document, but changing it is not allowed...Preamble..The licenses for most software are designed to take away your freedom to share.and change it. By contrast, the GNU General Public License is intended to.guarantee your freedom to share and change free software--to make sure the.software is free for all its users. This General Public License applies to.most of the Free Software Foundation's software and to any other program whose.authors commit to using it. (Some other Free Software Foundation software is.covered by the GNU Library General Public License instead.) You can apply it to.your programs, too...When we speak of free software, we are referring to freedom, not price. Our.General Public Licenses are designed to make sure that
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):167579
                                                                                                                                                                                                    Entropy (8bit):4.99515907079648
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:Yj33DuS8sY5sPfqN7amC35qs4NZ1G8OANn16XBPb3Ucw+4oHmZ/bcm9lHNhJ75eK:YqN2p5iy3Ucw+4osHfJRLERa
                                                                                                                                                                                                    MD5:38CE805E78FE5D53B1C96DED461C4A7E
                                                                                                                                                                                                    SHA1:693EEAF9531AA341A5A3E58FDF5CBEB4EA4C0BC2
                                                                                                                                                                                                    SHA-256:D5526593B5F7E82117D9FEAC5F435849F5C60BB97A27E6355C0F1ADCD67CBFED
                                                                                                                                                                                                    SHA-512:B59C2AB17AD10FD2424BE87ED7E5B7899CB349B6FAA85F51CB5088ACF9FB3584C1E4299DAE4E1D134995F0B996D8423CA0D39DF03B300519232A8A22683E940E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:DO NOT TRANSLATE OR LOCALIZE..-----------------------------..%% This notice is provided with respect to ASM Bytecode Manipulation .Framework v5.0.3, which may be included with JRE 8, and JDK 8, and .OpenJDK 8...--- begin of LICENSE ---..Copyright (c) 2000-2011 France T.l.com.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:..1. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWAR
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1168
                                                                                                                                                                                                    Entropy (8bit):4.659815638386024
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:qTpF1QmEd71usn2OcjR5HbtNA+S98bfhxeUkzQ98niGWbyTtaJ88D9xaKcmip1aN:0pvUn0Rxjv48bf228nidh3Okm2Upm
                                                                                                                                                                                                    MD5:FE7A3453E7C912BF8BEE7406CB969E3F
                                                                                                                                                                                                    SHA1:0657C5F2C036D73EA75D53D9537BD9EB9AE36144
                                                                                                                                                                                                    SHA-256:43FD2BA19D558D9B3F4DF6564B4E003531DFC2EF7240BBC1C395A4BA151E7D7C
                                                                                                                                                                                                    SHA-512:E2EBF712885679AB999EC08A8BFEE2321B47DBAE6B66AAE860930CD2407682CB3D71AE6D26793EA7838311E36524425E2F6BCA735F74376435848A823CAC44BB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<!doctype html>.<html>. <head>. <title>. Welcome to Zulu, the open Java(TM) platform from Azul Systems.. </title>. </head>. <body>. <h2>Welcome to Zulu, the open Java<sup><small>&trade;</small></sup>platform from Azul Systems<sup><small>&reg;</small></sup></h2>. <p>The Zulu environment includes the Java&trade; runtime, compiler, and tools. It provides complete runtime support for Java applications.. <h3>Reference Documentation</h3>. <p>See the <a href="http://docs.azul.com/zulu/zuludocs/">Zulu user documentation</a> for more information on Zulu installation, operation, and troubleshooting.. <p>See the <a href="http://docs.azul.com/zulu/zulurelnotes/">Release Notes</a> for release details on Zulu versions and system requirements.. <h3>Community</h3>. <p>Visit the <a href="http://zulu.org/forum">Zulu community</a> site for recent discussions, news, and release notifications for Zulu.. <hr>. <
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15488
                                                                                                                                                                                                    Entropy (8bit):6.221538754145753
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bcdMr5Ypi3XLPVT6qsmbszfullDWpH8ps7/2e/BZHkWKZq:aMNr7PVKmbszfujDG8pQ2Ihcq
                                                                                                                                                                                                    MD5:CBC56EFC5CF42BEABA156D32A27E7DF4
                                                                                                                                                                                                    SHA1:BDA41B68BB5D6347621C37D01DD723B28865A6F7
                                                                                                                                                                                                    SHA-256:515DCDEB0135E1A4D02C097DFAF84D8761861674532555D6F79F86FA254D1F4A
                                                                                                                                                                                                    SHA-512:92AB426EE9622A1B4F60FDDC67F69685D282D19FA0BE464B78F315BF59EBD96F536FB32E73927198EFFC966971FC17C93D07A01948F7A9930DC229F5A8E5B028
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15488
                                                                                                                                                                                                    Entropy (8bit):6.218306916264753
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:HcdMr5Ya3XLPVT6os6aEDHcu7DWpH8ps7/5M3aBZHknRP:WMN17PVW6HDHcu7DG8pQq4h8
                                                                                                                                                                                                    MD5:49E6F3B681FB490FE330AD142BDC998D
                                                                                                                                                                                                    SHA1:AD0489E43A2FF100BAA2A1659D2B66967B29030D
                                                                                                                                                                                                    SHA-256:EFD22A9D9A5007F46695CC85F0FE14D0F9F61BD960CCB7C5ACAB7A46EE367C8F
                                                                                                                                                                                                    SHA-512:F778A49FD3D76BF799970DD51B3AA025B1A15BB7ABA7C258A0EC1CC04C621767867562B483BC4BB4C0634AFC03210F6818E2647E46E1F2203CDA0B688D2B707A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):134272
                                                                                                                                                                                                    Entropy (8bit):6.4525838979911505
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:jYnyUoRofS8g50ODOS6auR/KztUHDgI64Z6EYyjkGKezyPZL2S2YaJ5uZTD8Bv5A:jYyGfS8g50ODt6ao4tERp/cb
                                                                                                                                                                                                    MD5:DD28D8588F6BE8B347F37006A24C1B7E
                                                                                                                                                                                                    SHA1:BE84D9083252064FF989BEF21CB1BE1BF9EC7295
                                                                                                                                                                                                    SHA-256:8F406FD9BCCD564FC5671752A4EBA1E5C1A0C43F1A5FD1D91DEF46C39CBCEE36
                                                                                                                                                                                                    SHA-512:78D95B9CE01C96A694A3BA03F1D2CBD704DA12F17AAB59AC0CC1CF325CFF9CF311CE7F158647BD57BFA91077DBFB77511CAC8C8A2776851ABA2BCE1AA836A3FD
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):133248
                                                                                                                                                                                                    Entropy (8bit):6.447364639477118
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:6jIcNeGBXR6BNMTFRWDKztUHDgI64Z6EYy6kvKezyPZL2S2YaJ5uZTD8Bv5szS+l:6jNNVXR6BGHvtENps3pv
                                                                                                                                                                                                    MD5:811FC2D91B55184009D7333193309610
                                                                                                                                                                                                    SHA1:DBC510C8E60C6EC6A48027934C0A0519C054EAF8
                                                                                                                                                                                                    SHA-256:071A03235E7FF3ED838C88C368E4E6362AA82C1D3A5ADAC42FB10D85CA2F3894
                                                                                                                                                                                                    SHA-512:ACB218AB47CEDD6862038158CC80A8BC17B173036433DF3DCAD52A3CFE271CB9FA389B36FA975EAE49BEC5DBFE03B0318D47AF8208C3EF35B7F8E18835F69EF8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114304
                                                                                                                                                                                                    Entropy (8bit):6.518015500220713
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:GWb2Rvp4WYwY8ib7jswqeKDSSqmuhx5pe3Ff/lbmicLuk4t1Bf8QDUV+0tf:GW3WYwY8ibUwq1DUnpcFCiBXarf
                                                                                                                                                                                                    MD5:5ACB402BF89C7592C97A82ECDEA6DE88
                                                                                                                                                                                                    SHA1:5580F1919106D6C45ED57D9E5F906FEA73FD4319
                                                                                                                                                                                                    SHA-256:C8D40571DF70401A3B86E682D6E71AEA8F50C8C7B9B4A5F85B23B7ADB7822610
                                                                                                                                                                                                    SHA-512:C11CFADF0F2A19724B3F183BD178324F3EDFB7A3B80766642EDA384F4E6D94CD0AC89262AD15F8867776FE4BEFAB7743395B655A6B3AE4F621AA751BA9617059
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):112768
                                                                                                                                                                                                    Entropy (8bit):6.500749522486758
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:dfHjerM8ZFmGIbebD4C+TtWiq98SP0SW3VE/lOPhy8LnkC9Fum63kny866fQF:HvGIbK4hTtor0GChjl63knuOM
                                                                                                                                                                                                    MD5:0BE71BE21D3D588EFB69ABE3B1BF4A09
                                                                                                                                                                                                    SHA1:576B49F37FB01888EA0870310B1253D0FE9757DE
                                                                                                                                                                                                    SHA-256:53E111061F891DF0A6EFE3B2B209EF39B2E2A7122565A9FFED35356E9C12B90A
                                                                                                                                                                                                    SHA-512:319695A0759592BDA551548C2B585556025000F0A06D68AB6C9907DD273E7FEDE84A60CF1336967E8454F23A3DACCDC8ADC29597AFDA5EB6C58A3DBE181342C2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1181824
                                                                                                                                                                                                    Entropy (8bit):6.626627001657152
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:ufwG4m5sL9Tn7he87UkCCnJtNtluyoH0h4:uG4PHE4
                                                                                                                                                                                                    MD5:F8E52C9BB7928D2E4BFDBCCDD0F20264
                                                                                                                                                                                                    SHA1:1DF5A1A00FC862C42C1D5E1C89762C43AF788A45
                                                                                                                                                                                                    SHA-256:EFA39B2953C4646BF23BF36353F3E46E5252A62AFB04DB7EB9BCDEC7C08CACFD
                                                                                                                                                                                                    SHA-512:2ACF1AE7D6602CAB01EE5B5E383F499BF8ABEABB59BB817ACF26D71890D928289029BB6E6968239A207DC86245367518E8579074761ADDABD44122FBE6914E47
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1423
                                                                                                                                                                                                    Entropy (8bit):4.176285626070561
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:N3ZYKm8fuW6psByGJjR0X46kA2SsGFhD+GbpGCOhLRr3n:mOLUskGJjyltsGFV+GbpGCOTr
                                                                                                                                                                                                    MD5:B3174769A9E9E654812315468AE9C5FA
                                                                                                                                                                                                    SHA1:238B369DFC7EB8F0DC6A85CDD080ED4B78388CA8
                                                                                                                                                                                                    SHA-256:37CF4E6CDC4357CEBB0EC8108D5CB0AD42611F675B926C819AE03B74CE990A08
                                                                                                                                                                                                    SHA-512:0815CA93C8CF762468DE668AD7F0EB0BDD3802DCAA42D55F2FB57A4AE23D9B9E2FE148898A28FE22C846A4FCDF1EE5190E74BCDABF206F73DA2DE644EA62A5D3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: -Xmixed mixed mode execution (default). -Xint interpreted mode execution only. -Xbootclasspath:<directories and zip/jar files separated by ;>. set search path for bootstrap classes and resources. -Xbootclasspath/a:<directories and zip/jar files separated by ;>. append to end of bootstrap class path. -Xbootclasspath/p:<directories and zip/jar files separated by ;>. prepend in front of bootstrap class path. -Xnoclassgc disable class garbage collection. -Xincgc enable incremental garbage collection. -Xloggc:<file> log GC status to a file with time stamps. -Xbatch disable background compilation. -Xms<size> set initial Java heap size. -Xmx<size> set maximum Java heap size. -Xss<size> set java thread stack size. -Xprof output cpu profiling data. -Xfuture enable strictest checks, anticipating futur
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3970176
                                                                                                                                                                                                    Entropy (8bit):6.830613321321348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:lxF62xf6qzZ0CQ1tdNdujDQeZetuuTcv/G1y:lxF62xxZ0CQvdujDQeE5cv/Gc
                                                                                                                                                                                                    MD5:AD097EBA9B877FEF2770F0D7C6AA8B66
                                                                                                                                                                                                    SHA1:7649970441014F1C7359E6602CE1C702EB6729A8
                                                                                                                                                                                                    SHA-256:1BB778575301D60089B78705C59A895F4CBCDE5F325445D40B2E14B9FB070D8B
                                                                                                                                                                                                    SHA-512:722A8D16D87642F4D3D7CD955D9A55EA0EB2DD4225F3B194ACF2AC37EBA3580FC1CB2B51A8FC1F493D75D6D4805B2722662CDCFA1A04D871DA46CDF7A0626B64
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25728
                                                                                                                                                                                                    Entropy (8bit):6.636488607208924
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/RZQgxsj7ttBesu6NXv6ZEPG5rvDh50EODG8pQ49hYxn5:/RWYsfttXVv6W+B8EODGE9hYh5
                                                                                                                                                                                                    MD5:85D91DCCFB0F8FABBADA531D9E1AF885
                                                                                                                                                                                                    SHA1:D59DE2AB373A04180E000C2EAFB26AC9EC3B1E39
                                                                                                                                                                                                    SHA-256:7ECCE24E6C1F2F1BA89DF4E4BB4F09364361B3BD5AA63BE77368693CA7886A3F
                                                                                                                                                                                                    SHA-512:97B979DCAEE9BDC06BA0EB9543B66C9C9B75A4171978AC032072228F9B2448FB12C4ABE73CC452C7303462F2408BA46D768668091A4D00C80331B34DC71769F1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22144
                                                                                                                                                                                                    Entropy (8bit):6.590808299098946
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:kwdi4i9u1aIVW9cYyXWDrpPVmFF9RKDG8pQ/lCh76:Jdi3lk2cYyX2rpdgRKDGD0hO
                                                                                                                                                                                                    MD5:5DC9C1E5F568276312D05F0FE6C6DEED
                                                                                                                                                                                                    SHA1:355C28639E75395C2EA6B11CF58D94327D5A73E1
                                                                                                                                                                                                    SHA-256:02BAC691249D76CB2334980E222BB372007E1AAF80D25D6690552A20F6D87EB9
                                                                                                                                                                                                    SHA-512:DC8657B34961EC85CDC48546D45E8A47F255F933CE11726EDE1CBEDD17286AA88D19D21504E0CA24C413F179521B44B8FCDF8262627C0131AACBBB2FAA61FFFE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):234624
                                                                                                                                                                                                    Entropy (8bit):6.498757451797519
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:IPdtDhQk0tKzG2G7IUEFhgfIRbHbB1FGMReiDmYASOBBW:6dtDhQk0tKzG2G7IUEFhgfQtGSt
                                                                                                                                                                                                    MD5:86BFA090F82BC7B2DC351B06CE64C455
                                                                                                                                                                                                    SHA1:E9E0CDD695738D4CBB39EDDC48D5B5B2649C56A6
                                                                                                                                                                                                    SHA-256:924DC9A985B26EF19958D17D23E18D8B8E2A552D8A11D0018014D21E632342EB
                                                                                                                                                                                                    SHA-512:1939D84A42AEDE06C76C9B8E6B5093FF60ECDE7944B24E2C26CBE7B1C5E5223CAC70F5779BBC5F21C6F97EE90728B084602D74F1BA011F875BA04A110C3D07DF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):531072
                                                                                                                                                                                                    Entropy (8bit):6.81322068220089
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:DMM6mPIuLW1iPYilNXMp5mFyV+w98/+fEWmX:DMwPIuLuilVMTmK+rzZX
                                                                                                                                                                                                    MD5:A0E41D3E1C157C9892ACB3A44ABCF0FD
                                                                                                                                                                                                    SHA1:08F39CED0A1C4C5607BF8C14C0BB6D2D620A3DD1
                                                                                                                                                                                                    SHA-256:23A8E28FA460AB9252B7418CB5BA7DEE5C63F661297433D3FFD3D569FE9BAE5E
                                                                                                                                                                                                    SHA-512:8502F989FDD615147F83912BA1327D4DD6C1F3EF9BDC43DA62E766E951EFF371E0371B2ABC20F09EB4F86E6FA3F1118B52F00FC1DB6099B11F10C10B36A8C047
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):132736
                                                                                                                                                                                                    Entropy (8bit):6.689420451177876
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:i0V2kbLSSaDdr8814VRGx+wEG4lgb371xiEvtmqdrBFwB/xKeiyNj:7bL9q4M1DqxKJ+j
                                                                                                                                                                                                    MD5:3786FBC3D461D7CBD2B5C33F15C290B4
                                                                                                                                                                                                    SHA1:2F2A2939907B9B26E3B0BD18AD8A4432D7F39DA1
                                                                                                                                                                                                    SHA-256:AE4E5FFCC472C1A95E68D9AD2144C397A129CC8AE216CE16E89EA2A5E5175D52
                                                                                                                                                                                                    SHA-512:ACA1E647C107F061CAFBC1149FCF5DB5C1E5068BB42CD73ED1924231086019081CB87057B950C3B778E33976CD518D5DAD9D220A04BA7AD6B367F23D442E6FF8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):116864
                                                                                                                                                                                                    Entropy (8bit):6.763816801181691
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:agF8cOGj06Y13zc1x4Dv1piyU/TBfIFhP:agjb0643zcyDv1syU/TBg
                                                                                                                                                                                                    MD5:27BFD20E895EF26CEEEFD17C304C5C8A
                                                                                                                                                                                                    SHA1:52EC7BBE60D417D8E8CAD4C7DB8FAA3AC3BAFC13
                                                                                                                                                                                                    SHA-256:3BBBEE0FB75466C80C4AFE585D03C2536B1E19B8FEE069F1816A6F379DEFF134
                                                                                                                                                                                                    SHA-512:896912AB533BB3BC6C4E40DF85082BDADEB922E37E8C49687CC0D35CB0371DA3021F1F62AB825B7997F6964C2FC7492995DEF6BAD9287E0E15AB5914F98EAB3D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17024
                                                                                                                                                                                                    Entropy (8bit):6.531500257692784
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:+7oJkSh9w5ESgulonPV5GXyA5O0bJDG8pQpkZhPo+:+UJk2W5FJWnd30VDGQhPf
                                                                                                                                                                                                    MD5:B41A5578C0352064E185B829E8678B3C
                                                                                                                                                                                                    SHA1:F8B6B1043BFE1E8B9DCC291FF04C41FCA51E6EFF
                                                                                                                                                                                                    SHA-256:E33E8491E877763285A35FD3AF9109C0AC22FA24C7F51A7706D1971AC3448E7F
                                                                                                                                                                                                    SHA-512:89BF8D5E2E1D0D543A85A7FCBC0645D681F59CBCDF072046A1EF4AE54B8FF2C4233C8EA208407CB966C41E71A83997ED03D0FEDF8295C623F48B4B42DD7EEDC5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):55936
                                                                                                                                                                                                    Entropy (8bit):6.546080966212327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:fooO0OHU+b313dACwcI1sRrZT9ixHCWaBo/vu1+SrV9LrBH1bzPEwhEdheBwHWQB:YbHU+b313dAZcIU83C2
                                                                                                                                                                                                    MD5:D428DBDFD658D3AF532EEE8B667A5237
                                                                                                                                                                                                    SHA1:757E488D332D13DCC4A582470F5C1ACF2CA31914
                                                                                                                                                                                                    SHA-256:D8AFE6F27F108063888111CECD2575ED7BA3B3D479BBD123742075628DEAA918
                                                                                                                                                                                                    SHA-512:42205596881A2AF5233115C0C09EB8FF998418BB1F95B453C4EEA6C02A7F0DC3EB1EA3A5BC02BA23E8C20E9D742743465001A8AD58093BA3C605E6682611018A
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):19584
                                                                                                                                                                                                    Entropy (8bit):6.516128312692209
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:4FGHJW0MQ4LR3wWIE0PVlv3L+oyDG8pQsFPh8:4gHmQ4NZkd5TyDGYh8
                                                                                                                                                                                                    MD5:4A254617C43345DB47C43384ADDACF37
                                                                                                                                                                                                    SHA1:CDDA902B5338A885A47E7EDD80242AEAA055AC6E
                                                                                                                                                                                                    SHA-256:5AF139B57CC1421DF7FE2061D67D1A9C61D821AFCB92A09D8AB59953A3C8C0A6
                                                                                                                                                                                                    SHA-512:79014B535DCB64FFA8A0B941BD1399ECD8B638C5ED94E5C76A4D88ABD04E1BC64D5FE513FFF5D62CF1831BD7EBC3AB0C31E8C6775EBD14CC6B94F4E28CE2C9D2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16000
                                                                                                                                                                                                    Entropy (8bit):6.4873774487964395
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:GpsAnnDjGomSHhV8zhv0WeC6pDG8pQ+hWY:GpsAnn4S/8z2bC6pDGihWY
                                                                                                                                                                                                    MD5:3E8C665604F39E8A24036ECD26FAE699
                                                                                                                                                                                                    SHA1:6B934D75AA42EA47AE5125A1AAE97288F07DFAC5
                                                                                                                                                                                                    SHA-256:F0882DDCC4915C8A65DDE90433AFCE93400286891419D79EBD735F62ACDD17EC
                                                                                                                                                                                                    SHA-512:C672EF950744DBD84ADC9D072311E2C33DC7CA8E5CD78626B17366229C7A0D092E52610FC13494838B00763F48244CCA14CE615EB61ED84148BC0AAACDD58B04
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):127104
                                                                                                                                                                                                    Entropy (8bit):6.77594564953673
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:jKCLZixAqTjW6LNau0fNgHcq+1RnInN3HNxG9AA21:/ZiA6LNaPLpMnc4
                                                                                                                                                                                                    MD5:62460B9FB42E5A5BB36CBFC8EED6935C
                                                                                                                                                                                                    SHA1:FD9C9D7C9C808F341BDF5A65DF6160D6E8BA7CCE
                                                                                                                                                                                                    SHA-256:20C9EED8AB86613BD6285756A7C20071AB0443FF62E4561C02527473E0DAD658
                                                                                                                                                                                                    SHA-512:C94AB9FD0A600E37661C420B3108F37A0210996F09A1685F0F7BEDEBEB43C9E52340C850D681DD6444E640D22D4EC63D0CC82F53337D31CB112E087C6BE4CA6C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):187008
                                                                                                                                                                                                    Entropy (8bit):6.782970988853378
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:AkVcu+6N6VPnvsNsMGxzDgwg8rPxHG2Y4TBfHML7k/IL6Xn:AkVt6RvsNspzUwg8rPRnY4TBW7k//Xn
                                                                                                                                                                                                    MD5:5F0A9056DBCA1F0E82ED696237A53B93
                                                                                                                                                                                                    SHA1:B07E4C487F8E79C55863C2E23AC055A9A843DE64
                                                                                                                                                                                                    SHA-256:5FA8A4C447E504F04CDFEEDB55E63824FF5195F98362C62D6D602AB5D5C442E2
                                                                                                                                                                                                    SHA-512:2DFA429431A4F32DE2AD729D9064B3B5475CBBDB99436B4626EECA532E656B0717F0D953B2FECEA14C99174B618D7D1C38B30EF29BAF4689E998D596EC53077B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):187008
                                                                                                                                                                                                    Entropy (8bit):6.7857063604473185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:ZI7J1oqmtn6k2Csgn2ycJ/nBmAHHunXw4TBfXLB7k/IUAGGbc:ZI7J8n6ssgmJPBmAHHuXw4TBt7k/O3c
                                                                                                                                                                                                    MD5:60364FDBFB0A296CC98A285A6A157B26
                                                                                                                                                                                                    SHA1:DB327FCB8E8EAF8978DEB74FA23C04B93A0B0D9C
                                                                                                                                                                                                    SHA-256:1CA70B86C9E6731714CEB043434FDA363AE584126B9D65BEED9A0D6D91515FEC
                                                                                                                                                                                                    SHA-512:93893104DE075D5B4F44BBA47FE1249A64537327A10B38ECEB54FE2278CDF128291091B47569FBD77BC4C35BFDC49B0FC3FA178F29F1AA8850C6B81C641836C2
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14464
                                                                                                                                                                                                    Entropy (8bit):6.325045214068564
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:a5n4VZK3L5YNY73XLPVlD61UAU7ZDWpH8ps7/qBZHkbg:aoWtX7PVlWUA4ZDG8pQYhB
                                                                                                                                                                                                    MD5:3BC3B8C0573A7F9B6CA6CE3AA53A5E7B
                                                                                                                                                                                                    SHA1:EDA6DDF7110A956EF6CC0A701864B068AC565153
                                                                                                                                                                                                    SHA-256:8706B4F3BE4E80FA5EBA40FEB331FEC523A1E4F97B4CE7433698AE5CB6119BC5
                                                                                                                                                                                                    SHA-512:E015C02198EE47EDAAC99642BF5AE2A7168043B237A2CAF5DD37887568B190CA5F34F55959A60C55B99F6826AB130FAA59063FA66E23B90410B90780F0E76AA4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):164992
                                                                                                                                                                                                    Entropy (8bit):6.723333538922359
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:TYfE6rQMoBzEsek8zekgq/JxKDVqbZclKR87H/:b6rQMo6sek82IYhqsKq/
                                                                                                                                                                                                    MD5:8392C168EC9B3B547BB5A519C94B9CD0
                                                                                                                                                                                                    SHA1:96636FA2BAA391DEB96383F0C8D1F1E010F0D859
                                                                                                                                                                                                    SHA-256:30D6F087F8B7F60277FF733E222205B7165766BDDBFC9165825A9BD624145972
                                                                                                                                                                                                    SHA-512:29E95B294E3BB06F1170E881D305F8F82A5A88B1FA9546B598F890D41942DFC0C4B07F6BAB424F2298821CCF2F0372193616ABD3EA58EE546485408D106F9760
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16000
                                                                                                                                                                                                    Entropy (8bit):6.499839599365348
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Gpsf5nnaGGmSHhV8M8v8eCD4SzlDG8pQyhO:GpsdnjS/8F5CDzDG2hO
                                                                                                                                                                                                    MD5:7ADEF2E2A6DFC70A45F10B94116F8F68
                                                                                                                                                                                                    SHA1:F7170C4470E96A4D7D592CD3AB1D30813313CFAE
                                                                                                                                                                                                    SHA-256:B5E6716B3BE4D535791FD66F7A67AD18C730D57B2028658DD12F517C84F83D5C
                                                                                                                                                                                                    SHA-512:9FDBFF7444557AF9E14BC783D60662AB45DA351E53D2B3AB2B67296805B38713EE3B140F26BA6EFF58DC0CFD68004ABEA09C086B58FBFA5074D98516B9D6E68E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):159872
                                                                                                                                                                                                    Entropy (8bit):6.796185492531119
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:oSMpC1OAUPrudoWT8gAwSNuXFoxnTBfXo0GI:oSMpCo1TDWALNuX2xnTBuI
                                                                                                                                                                                                    MD5:705CA86C42736F5E946A9FDA6137102A
                                                                                                                                                                                                    SHA1:FE89654A6C43764C6685A0590937889F1F2737EF
                                                                                                                                                                                                    SHA-256:87FCB9EDE35D24BD03A230EB635096C9986DCFB5349A6983F9053364B01B9784
                                                                                                                                                                                                    SHA-512:1FD88D40DCDCD5B46AFA30F412BB4C7965C4A727B05C3A0CC81674DD1C9C29C3B117D80AB76E207A182C0F390ADA3F675DB07770687C4862EE8164F9C3FE89EF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):128128
                                                                                                                                                                                                    Entropy (8bit):6.652014235871468
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:nP4dtbresAGL/LS8Z8ASDxnuSgK0iJicKv84IpVIGtVByNAG:P4Wj0/LSm89DluOTQ84IpVXVBA
                                                                                                                                                                                                    MD5:F0F2CD6B0C45116EB40C4FB45BFAB5F1
                                                                                                                                                                                                    SHA1:933DF4535D8EFAAD94F48AFC1C2AACA1734E20A6
                                                                                                                                                                                                    SHA-256:B1416491D67E974DD871F144A199040AA0196CD42628D50598A7FB7085EE7C73
                                                                                                                                                                                                    SHA-512:2198240787FC778A9786B4604CAD32C42020428232DA2FA745376671F935E3082B53DA8B5CFF95EB719AE20A39D452ACF41944982A699B59E124296C0CA91AEA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17024
                                                                                                                                                                                                    Entropy (8bit):6.520823730622285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:thYRX0fYajShiqnDoPV5rFA4DDG8pQISqhY:t1fYAwodY6DGXqhY
                                                                                                                                                                                                    MD5:D3C6DC94E53A3FEEDE30875D93B6AA47
                                                                                                                                                                                                    SHA1:5D0656A035FE29A26D8D81AA178BE89B09D3EC35
                                                                                                                                                                                                    SHA-256:62874D463640CE66659C34698D6EA9788AFFD961DBD2AD40F2DBE3A78C64C345
                                                                                                                                                                                                    SHA-512:4147C36032CE3444A92D24345ED5C88A7E026FD1DD3A24F334312FABB9F896A4F439381FCCC9CBEDBB5C309DAC7928D4DCD9B082656076CB95D9E88DFD8974CE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30848
                                                                                                                                                                                                    Entropy (8bit):6.670944902923338
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:4zSht78T0OgjjaFr0OPfcOM7AdJwePXRifZfguG8RPGHdiLOZnykDG8pQQSroTh6:4zSht78n0OPtdJFXk9DR+1UkDGUJhTG
                                                                                                                                                                                                    MD5:012E284AE44F73B1D353CCF2AC4C50E0
                                                                                                                                                                                                    SHA1:874694EBAC1AFDDE4AEE2572DB0FA902DE8144A0
                                                                                                                                                                                                    SHA-256:D011CAB3048BE4A740C2B66851A0AD52A700AE8FBD84AB72BD3DBA1B2DF55D6F
                                                                                                                                                                                                    SHA-512:D31D21DE18832D59240D44447443D21C3CAC5DAB572EDD6153A373A92182A8131E99B3559F7C2CAD72EF15B434B9C4C7E92C52B8822F4AEF49C49B15112EB489
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):27776
                                                                                                                                                                                                    Entropy (8bit):6.700076409743288
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:GLEWeFz9Yu22rM0Z6uHB72ZWreX06OMi423nDIN5sgvYWWrKnWqv250ZNQdQZfzB:GLEW/WSmoNhZfN
                                                                                                                                                                                                    MD5:34970664FD06E0FD88900A5BEF32B11A
                                                                                                                                                                                                    SHA1:CE4326B0274BD06BD43DBAC3ED9FBD909C8A2EF9
                                                                                                                                                                                                    SHA-256:E51B256021DA1A74B75243414EACF1F186FB83A61797958317114B8B50E89FC3
                                                                                                                                                                                                    SHA-512:D35DC27A648863A246EE6A98409796745237FAE9E69EA2B205031D246E61B827BA23416ADEF9FF467048FF88F852AE871F6F6A6F10043E854CD1A3998AF05EB5
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):193152
                                                                                                                                                                                                    Entropy (8bit):6.494130561078967
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:dZqhalkco73KogJdH8rJIlMDPUjp23cxfUdq4eO4EGaEaU7SrZUC/:oTco7mAImDPUEc4qVXATUS
                                                                                                                                                                                                    MD5:67E3CF793FBFD07624C3DCECD324D921
                                                                                                                                                                                                    SHA1:F1720058C6EE6E0C606A7AC357D589A0F9FB955A
                                                                                                                                                                                                    SHA-256:A4CD0E2A33AC2E63947FA0106B06725997E1CE9C6E4695738C7AE0864C229E88
                                                                                                                                                                                                    SHA-512:F7FD8DC6A2E09914FFA36936025F6E4ADCDDFE9C14B91B00BE97185FE71D6CACB1FC96F22957D0FAE567E48073424D54B48D2D8E74439F162CFF4D94BBF235DA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33920
                                                                                                                                                                                                    Entropy (8bit):6.54380639728699
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:nhLhkWuNfydUKf2OzVwhxKdzBFt35DG2DShHd:nd5ifydT22VSYBz35Ud
                                                                                                                                                                                                    MD5:7F37155968A1DDE55B00472DD2228563
                                                                                                                                                                                                    SHA1:9896FCB8E0BA8950E508A2576F3D63721D875C98
                                                                                                                                                                                                    SHA-256:8ADDB39B8262DE0CE98B097FDDDE87F5C16F6F090FEC110F9BC3A4C3AEE1035F
                                                                                                                                                                                                    SHA-512:AFA375456AF89F1260A75A7183A81785C1757D815110D23D8C8367F3FB62218135E3979426EBE4F8A89F161816FBC0C440C3CD9A8B8C8BA84D3A8EEF089FD20B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):575104
                                                                                                                                                                                                    Entropy (8bit):6.503048479795252
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:WcJC857GG2tUavhwiJVJD6JdsGppmrszJ8pJDKc93MaOQWsxEVVoZXRKpZbNw36R:WcJC857h2tUavhwiJVJD6JWGp/zi7DKh
                                                                                                                                                                                                    MD5:72FDE83DAF4099495D0F8EE99BB2168D
                                                                                                                                                                                                    SHA1:906D388092EB2FE35DE9E8AF62112FFC4E794FE5
                                                                                                                                                                                                    SHA-256:0C1591D031A505147897FA31CFD3A6A3BA2B797CFDC4EE58C428186570A1DD81
                                                                                                                                                                                                    SHA-512:97F763A741D35775A9D3F1744D1B091C0BCF104A990BE89F70CC661F9B9389F6C22363C14DDE2487DD7CF67477FDAE5D45346AF6C4220E42A173E8075B7410BE
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):773968
                                                                                                                                                                                                    Entropy (8bit):6.901559811406837
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                                                    MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                                                    SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                                                    SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                                                    SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):82560
                                                                                                                                                                                                    Entropy (8bit):6.644865299708066
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:IEdjBCBoHPZOLbG8k7acGWH+UtQFaVEbh:Jkov8fGtxEbh
                                                                                                                                                                                                    MD5:EF1722DC5C18D6416A3C45A39A473F6F
                                                                                                                                                                                                    SHA1:74C59C536A80E0430C5FDFD7424224FE08A4C5F0
                                                                                                                                                                                                    SHA-256:F892BD41CEC077229C2B4A34FCE9CC0C130DFF2427F86F64CC4DEFB2A91A621F
                                                                                                                                                                                                    SHA-512:52CC61B7FB7B6B21F2FD784BF4DEC54D17E90CC098BBDBD4A7064E6C2FEEA61C9ECE0CA3CE3B3B8D5B6EF3E55E6B1EA74E147C68347585795BEA9078E96E6C3E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):51840
                                                                                                                                                                                                    Entropy (8bit):6.539907300360659
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:v90JGX3KF8OyYs7Jlt8hpIDWzrSRyWVr0j1yxf7jC8YUwQ+pt//WpH8qwbPxDG8y:v9+GXUyIo8+RHAj1yxC8Yd/Gcqwbkn
                                                                                                                                                                                                    MD5:823B2C4761BEC0121ADF70F8AB5CE638
                                                                                                                                                                                                    SHA1:220610227A74E22050C1326FB2148BC4F953306B
                                                                                                                                                                                                    SHA-256:2C2A6FB722055D3385E481237399C6AF1CC93ABC77D9485276E8158D1715F168
                                                                                                                                                                                                    SHA-512:842A0515ED1E4A81C3536032B7E3F1B0BB77922DD25EBA8C38C70CCB2D8973424FA7CC001DFFEE03ACF2681EF5FC3B7EC04DAE3E6271A2A2D03C1DABE5A27771
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18048
                                                                                                                                                                                                    Entropy (8bit):6.4362169822769895
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:LjThTD1ToBt57hOPV5S1vadoDDG8pQxUhE:LjThTRwt5tOdCa6DGmhE
                                                                                                                                                                                                    MD5:9E9AE5B70F18ABBDB2B5A410B691A922
                                                                                                                                                                                                    SHA1:6CD5D9677821C6AB02C3F7C854C298E55D13766B
                                                                                                                                                                                                    SHA-256:FC9A701C97A86805F33D9CB49498BF50754DD6E7C5B604DD488132A5DAA064B9
                                                                                                                                                                                                    SHA-512:A1619142770555D41ED0F8E8FCECFBC3FAD9CE7AD4AF73D652DE418D6B6AA609EC4EDBE27E46CABA705CFC41D3AA26017E96446C518D0199E42E3F0833374881
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16000
                                                                                                                                                                                                    Entropy (8bit):6.502740019921736
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:GpsK5cnMGecmSHhV8kgLoeC+4SzvpDG8pQAhb2:GpsRnIBS/8ddC+JpDGUhq
                                                                                                                                                                                                    MD5:33F1BE2DFDCF0F2E9320E7234DB3A7AA
                                                                                                                                                                                                    SHA1:99C60ED25A979F3045FAAF8B99C3CB171870AD24
                                                                                                                                                                                                    SHA-256:CD2F36C01194983AD153879B8199B4FF1BA3310702187583782F9472D390EF3D
                                                                                                                                                                                                    SHA-512:7384317A24F7D6651B2A1D65D0C4538E49B00CC4F690788A38A59C9DC93E62BD985A2E729E8804302E6B5292E2FA4100934120600661F1036DAC18DD7C0D4BD8
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):173696
                                                                                                                                                                                                    Entropy (8bit):6.892827552541788
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:6cBIhHAEkFwanwtZqWsJpv6AQhq9G23hBnqxV7m5V8yTBfYpCMR:9OhHAE+vnEA0q9G4qxBm5V8yTBgpVR
                                                                                                                                                                                                    MD5:181B45553849FDFD730B3B039E70769A
                                                                                                                                                                                                    SHA1:E193D5404B3089D9CE083C7B802261FB9098A314
                                                                                                                                                                                                    SHA-256:9103AAC33C22F588FE5A808846C9FCE9602A06655063AE4F96D63122CC195797
                                                                                                                                                                                                    SHA-512:749E387C6AF27640EF1C2E0848E64D242727D581685FBBB0637E5721FBEB8C9265C64053CABD1606ED8A8159640224D2C75F4A730BC48DAB79F169E514A86C89
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):125568
                                                                                                                                                                                                    Entropy (8bit):6.682034007439107
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:k4xTwQP4fbh3HqdWdsqbo680PXScilgKptxG0ULtt1vHWLWLWw3WDizqgPz:t0fbhNM688jiPe5v2CCwGDizqgPz
                                                                                                                                                                                                    MD5:77E16E84B3C8B9B2F132867D136C1D93
                                                                                                                                                                                                    SHA1:3E7685D27547E839DA4B8D0EE98DF52DE1D819E9
                                                                                                                                                                                                    SHA-256:DE5B4639BA67ADD1550CC99E64606AF312845A33A87F49A2E2EE8916E9659F11
                                                                                                                                                                                                    SHA-512:C4B2806D7D9113B32FF8E9417AB9133E72464EC6F1912FBED13A33CA9CAF79DDDA596416334B6ED9C10F6902BFC1DDE4CE5653FBA5A1E38E2660433501DDCA7B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30848
                                                                                                                                                                                                    Entropy (8bit):6.461243259969281
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:sPaBpbIbssxOkoXJjBBslmuB8d6Hf3DGThZ:syTeoZjBBslmEvM
                                                                                                                                                                                                    MD5:FEEAAA8DFB4E2C9531D09A98F077FD48
                                                                                                                                                                                                    SHA1:77B2FA341337EF6C2D853988C9BF513AFCBABE6F
                                                                                                                                                                                                    SHA-256:CD1C47FE7332AAB9A821C9A64AFF75F173ABBC55C6D01F65F93C9C9E65DDEF93
                                                                                                                                                                                                    SHA-512:57645E1E750BF19B4C07F9C7080172817DE3EB42F5ECFDE21C16335DBB79284672070506E74F6A03358E19AB8DF09C75E2DC77FD682052EA17296394193F04F0
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):66176
                                                                                                                                                                                                    Entropy (8bit):6.455797493723823
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:eJzMTHP5Q2uEwmnw853GaZ8yHg/SBdDAZMqzLUG:OYbP54qnB3Ga3g/SBdDAZMqzn
                                                                                                                                                                                                    MD5:D6109BADFE2D130D42288462BF0039D7
                                                                                                                                                                                                    SHA1:32E8CED78FE1A5A9AC7125FFE87342B5196DE3AD
                                                                                                                                                                                                    SHA-256:3BBD45369CFD806F5290ABF7D9C12D8FEAF558C1D3BE770FE7B05F0F205281FB
                                                                                                                                                                                                    SHA-512:8AA85273F677C25ACFB945CA95AE8530A03D3FBFCB831059C8560BA1FEA6D6291562A4154436DD13B57B05E20110D2EABD1AE764A079E844845FBCC07688B714
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):160384
                                                                                                                                                                                                    Entropy (8bit):6.040579446577213
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:455PvV+HrSDZaoOp460AwJrmJ1VTBfveag9zQHvlICB:5HrwZy+6dYrmdTBneag9zQHvp
                                                                                                                                                                                                    MD5:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    SHA1:FF215FE0B48B7FF5A43B02F25521788328A64A7F
                                                                                                                                                                                                    SHA-256:ED4F04090A5D543627D49FF3693E6AB1EA7EF163D34ACBAF46B6EE4B76AD12E8
                                                                                                                                                                                                    SHA-512:48EAC09CA862C3DD35436C837FA2DB9D31394323E8540B1678315E9FD54B45583AE3D4180D353D3903FF1305750548B5FBAC5E7276ED0E0112B0EA2D2D1F2B4E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40064
                                                                                                                                                                                                    Entropy (8bit):6.721064736740807
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:ObhEn4lZoQ7LEMz8mgc9vR65o00rD4WJ1Z3sxEndJPqDGArcBhK:Obhi4LnEu5EW7Z2EfPKA2
                                                                                                                                                                                                    MD5:ED82EF325E016D1102A64F681010FFF6
                                                                                                                                                                                                    SHA1:85A6E150FCC33F21989CE7B755B3365DDFC22148
                                                                                                                                                                                                    SHA-256:7290333FB8DEAA13E4C90BC3B4AE3B7C40CC03F18DCC107AD0AA44D704F52858
                                                                                                                                                                                                    SHA-512:56A08C8E404309FAE4DE809BAF95B35A45FF383B716519AA353CF4AD71623697EF5F1E6F54156C03A6F496F3721908395BA63DC661672B28937EBCFB532C0A38
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22144
                                                                                                                                                                                                    Entropy (8bit):6.5345286788422525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:oUHvcTgxRYCfjsZPiW9LEiGTHb6hVXbS11PXiLsD5bGGGGNET7T7T7T7x7uFoqnn:ouvcTgTYCgZPiW9LEiGTHb6hVXbS3PXr
                                                                                                                                                                                                    MD5:70725EC61A2D0FD05FF036EDD9081509
                                                                                                                                                                                                    SHA1:4B769DB9CE0D2AA7FE90CC1D6F56AC549276B2D0
                                                                                                                                                                                                    SHA-256:2BF4E318696AB3F2D14B9D254986C6FF68A289FBDB0A38CF1B91D960BD8759F6
                                                                                                                                                                                                    SHA-512:922517F5F62DBF33DD40C30BC8E7BA8878DAEBAF7BFB07AC238F49D3A01BD27A3B181ABE454C645BD99416281D76E80614F810C2EFA6E246E543495FD84AC42C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):151632
                                                                                                                                                                                                    Entropy (8bit):6.463083319649891
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:7kldyU0rumJ08aie23ucacX5O6YnIb6DQeTQwYF5tAR2pNqM8vKXNt5ZnG/jAS6V:4fyUcumJ08/QEp6DKwYjtALuVG/jNkNx
                                                                                                                                                                                                    MD5:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    SHA1:D4EA8C6FF865334FA56D19E435E58CCA8CFF7E36
                                                                                                                                                                                                    SHA-256:14F684600450CDBCDBA40A554DA7F96E7756B5733B4854F5B30B9A35D26CBA4B
                                                                                                                                                                                                    SHA-512:CD3BD8E33DF78FDE76827CEE0CA9EAB921C4BBCE31AAF7B38D41D6A8D473A30EE5F50F3620741F57FD54A86A75AD11CEE6F9A67C4C4B30E9987E1445AF37F2B4
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):71296
                                                                                                                                                                                                    Entropy (8bit):6.892335567516462
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:JURpg7oQBzRaJScPaVpXoIOwIOqonToIfWYj+9a:d7oQBl6QXumqMTBfWq+9a
                                                                                                                                                                                                    MD5:A17752B09E0F94EEDCC79697BD469D26
                                                                                                                                                                                                    SHA1:EE0EC9FA38ECCD85E3AA9B89A955AF4CFBC23ED3
                                                                                                                                                                                                    SHA-256:5BFCB6A7BED3AC63A5AD0D9EE5E350E618A78E90CC4220E0028708604671C001
                                                                                                                                                                                                    SHA-512:A88C17DD6AC9194DB650DF7A41475A1D01DF3917A1BACE3655F7ABEB18D109CE1131FBADBCB4D58E73A5AAB049F2DB82116EB99715B08B95FFC5D78558F12A2E
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):149
                                                                                                                                                                                                    Entropy (8bit):4.558376029276625
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LFpfBZgZLXnuWxVEzERMLVAAiuKIn7IRAdSPGGzJzGBXlnfMaAHCR1vn:L7APWzTLVAkIiSPhZGBX5kaAHCXn
                                                                                                                                                                                                    MD5:2ED483DF31645D3D00C625C00C1E5A14
                                                                                                                                                                                                    SHA1:27C9B302D2D47AAE04FC1F4EF9127A2835A77853
                                                                                                                                                                                                    SHA-256:68EF2F3C6D7636E39C6626ED1BD700E3A6B796C25A9E5FECA4533ABFACD61CDF
                                                                                                                                                                                                    SHA-512:4BF6D06F2CEAF070DF4BD734370DEF74A6DD545FD40EFD64A948E1422470EF39E37A4909FEEB8F0731D5BADB3DD9086E96DACE6BDCA7BBD3078E8383B16894DA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# Load the Java Access Bridge class into the JVM.#.#assistive_technologies=com.sun.java.accessibility.AccessBridge.#screen_magnifier_present=true..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2479
                                                                                                                                                                                                    Entropy (8bit):5.223707333360392
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:HrHIty/qHh+m2YPOW7qOVu2HX1C5MCmCkcJFvRL:H8ThI1GtszlPFvB
                                                                                                                                                                                                    MD5:FD47532D0C6AE3BEC63F2F1CE3336A6B
                                                                                                                                                                                                    SHA1:E969A98067073C789B02168B211277EB393DB634
                                                                                                                                                                                                    SHA-256:9B72CFAD9723C8B33EED3E18BDA69BE3F50740F8C11456487D3098E288359BFA
                                                                                                                                                                                                    SHA-512:AB5975CA676F7F08EAC58902C352ED9BC67E03B75D6C0155AE75A1A4CC478905FA153F8DD7C1BCE0162C3C17E738B550F43D6341B437502F71B54152B307F6E5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Bosto
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3090257
                                                                                                                                                                                                    Entropy (8bit):6.631607382557003
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:2/fiq4z1n1FafzGB3fBxjqUWHxKnvvh3lbIsYJ:mfinzNsu7uSn3plbID
                                                                                                                                                                                                    MD5:BE77261E5EA68F8D654979506C60098F
                                                                                                                                                                                                    SHA1:D9F45A45C6D24FD51AF87EDF995F3F074F26B625
                                                                                                                                                                                                    SHA-256:4C0CF9049C1C9EC958C66338CC4E1E3E8F6E6203FC23C4DF1EE25A27DB1C3E7E
                                                                                                                                                                                                    SHA-512:9556424DA462320A598D27B1E340FBACD2F34367767005D5B4DCA03668B05B3E72AB8E5E95292823FEBCEDED3398BA1D6C7372B326A3D8DA2D128E9D697C6C1B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1047028
                                                                                                                                                                                                    Entropy (8bit):5.8538844166235195
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:S+BXim0XyhTMeRoqkobZ36qoCFsQn3cE1JrEc3D4F:Siym0eRog56Wn3PcF
                                                                                                                                                                                                    MD5:C0B2C569C4C13AFDE2B4936C69899818
                                                                                                                                                                                                    SHA1:27587B733C46B704468BAAC99D5369558E04433B
                                                                                                                                                                                                    SHA-256:A11A18C31F07B640CE37C8C6913F28D5AE361043EFED7C4B7748129A581C9B72
                                                                                                                                                                                                    SHA-512:77D5B289E6AB8354075058E9467490EEAAB3640F953E5D534B68FDB966CC35B0351B7734F61A8F0E05C02648B6A6C1F7625537A6206D8A7A7CFC8C0FFA998D99
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):84355
                                                                                                                                                                                                    Entropy (8bit):4.927199323446014
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                                                                    MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                                                                    SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                                                                    SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                                                                    SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Microsoft color profile 2.3, type lcms, XYZ/XYZ-abst device by lcms, 784 bytes, 28-12-2006 18:07:22, no copyright tag "lcms XYZ identity"
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):784
                                                                                                                                                                                                    Entropy (8bit):2.42970830905406
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Pg2lA1s9flg6lwTltOskA555m2kA555m2kA555R:zA1s9flg6lslJ
                                                                                                                                                                                                    MD5:09BFDCD5B55FE322FAF0A4CF94F289C2
                                                                                                                                                                                                    SHA1:FB7D37DB9AD5679600A27352AA1998D5BCDC9311
                                                                                                                                                                                                    SHA-256:98CF012F6122C833B1FF4FBBE37F43A808D769D9B10BA43F3411728E7BB58BEA
                                                                                                                                                                                                    SHA-512:F62D3F6762F6649F97B0DF031C2C381BB4553C7B5CDB39C8ED87E8256EC560437B7D60E728FD10A581EFB5F4DDD3D213C9B25707830E32845B451CD9DC3540F5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Microsoft color profile 2.3, type lcms, GRAY/XYZ-mntr device by lcms, 556 bytes, 28-12-2006 18:07:22, no copyright tag "lcms gray virtual profile"
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):556
                                                                                                                                                                                                    Entropy (8bit):2.4790708147231753
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:g/2YeNcjylAll1NfAL+V9pglgkX/lDP89YMOlI/lZcHd2Mlll:g1Ac2lA1NIL+3pglg6lDkTOmlZc4kll
                                                                                                                                                                                                    MD5:FD6340C81F2ADC503AEA746B79A96979
                                                                                                                                                                                                    SHA1:D73ABFDF682FD0F570775B90E40D714976339F33
                                                                                                                                                                                                    SHA-256:D3FD8CB41B7EF8C5EA53BFECB1AD6D4762197C8EAB04444545E083DFF6F86FA9
                                                                                                                                                                                                    SHA-512:A2C861B66C78C66119172A57AD96BC68CC51959B4A41D300C30FE16E4D10077A8F6B0328ACDA14602C054BD291DA49865C77B8358A285211DF7E10011DD06934
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ColorSync color profile 2.3, type lcms, RGB/XYZ-mntr device by lcms, 488 bytes, 28-3-2008 14:24:37, transparent, relative colorimetric "linear sRGB"
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):488
                                                                                                                                                                                                    Entropy (8bit):3.1769785389298173
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:scdIhpzWllDGnYAsFoDAlAPWrNBRPRjtlhhlhhll:sc2hIllSnYz3lRBNpJN
                                                                                                                                                                                                    MD5:CFECF0A79F8E6DC8D8120302F2A2E837
                                                                                                                                                                                                    SHA1:7576E83E5911096471A97F5E73F3238C6FFE6976
                                                                                                                                                                                                    SHA-256:790DA58CCC79D03658283652716EC9896ED31E0392D818E60F6832815EE79F4C
                                                                                                                                                                                                    SHA-512:B5A90B49AD4DF94BB7E4D88796BAA7D6F908D892815BC3B59E441B3A9262682EAA5610052D75F76B87B85A577D2E12096676D6C56152B0E80DAE6D7B72EA31A1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ColorSync color profile 4.0, type lcms, 3CLR/XYZ-spac device by lcms, 234080 bytes, 10-4-2008 10:24:22, transparent, relative colorimetric, 0xf0e75c55d21e4d8c MD5 'PYCC from PCD 045'
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):234080
                                                                                                                                                                                                    Entropy (8bit):5.916799738162389
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:kPQxu94sua+Gl+tqocgEBRQTbwAIoF1r+KRlN13yFs+75rcjG1sIGH69Jwf4CVoy:kPQxu9iaOtxOQAB81iyxyWs5gH
                                                                                                                                                                                                    MD5:2F3658826C5402382E78BFDA48A78A6B
                                                                                                                                                                                                    SHA1:DA0DB2D41E6CEAD9E38A7E4A5C08FA7E90E57B22
                                                                                                                                                                                                    SHA-256:0031AA2B8B4D490369A2A601AE0D95505DF0CB86C0504F080C02ED87E84B3DDC
                                                                                                                                                                                                    SHA-512:F1114143E1F656DFD68E3F32D87439DFC1DDDB859E2664DA3E902FEEBE3AC63E04213230C9FF3EC630E390EB3A85E2FD483A6E5AD2992BF3D89D1129FAF86BF5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Microsoft color profile 2.3, type lcms, RGB/XYZ-mntr device by lcms, 6876 bytes, 28-12-2006 18:07:22, no copyright tag "sRGB built-in"
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6876
                                                                                                                                                                                                    Entropy (8bit):7.544186956447987
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/Kmx6MT0D5MdtbZPAVwzVZ6MT0D5MdtbZPAVwzVZ6MT0D5MdtbZPAVwzVR:/TzYNMtKwBYNMtKwBYNMtKw/
                                                                                                                                                                                                    MD5:F6439592EF7CED5ABDD4AB4CBA3777FB
                                                                                                                                                                                                    SHA1:11C7BE03D659C369474A6F2231561350AE7889AB
                                                                                                                                                                                                    SHA-256:87E382B9336E6A0417A4D860173109AB319A029CF2972E19833A3327C65BD7E4
                                                                                                                                                                                                    SHA-512:9029BE4A78E1A3C59FB2587D9A8E9EDFB08415C9D4EC4C5956808C0144DCDE6FD78F50A5D6E7A3AD441BE332C9207BC93B83A4B96ED6AFDFF257D5CC7DEADE10
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5548
                                                                                                                                                                                                    Entropy (8bit):5.037985807321917
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:r45Vf4fq7MBzO4pYEZ2MQ6KXr3NO0slzMX+W1CuHvvABbiAQ+xaW/ioLHTU+Wsch:r4KJO4mEZ2MQ6Cr3NO0slzMX+WIuHvvv
                                                                                                                                                                                                    MD5:F507712B379FDC5A8D539811FAF51D02
                                                                                                                                                                                                    SHA1:82BB25303CF6835AC4B076575F27E8486DAB9511
                                                                                                                                                                                                    SHA-256:46F47B3883C7244A819AE1161113FE9D2375F881B75C9B3012D7A6B3497E030A
                                                                                                                                                                                                    SHA-512:CB3C99883336D04C42CEA9C2401E81140ECBB7FC5B8EF3301B13268A45C1AC93FD62176AB8270B91528AC8E938C7C90CC9663D8598E224794354546139965DFE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#sun.net.www MIME content-types table.#.# Property fields:.#.# <description> ::= 'description' '=' <descriptive string>.# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>.# <image> ::= 'icon' '=' <filename of icon image>.# <action> ::= 'browser' | 'application' | 'save' | 'unknown'.# <application> ::= 'application' '=' <command line template>.#..#.# The "we don't know anything about this data" type(s)..# Used internally to mark unrecognized types..#.content/unknown: description=Unknown Content.unknown/unknown: description=Unknown Data Type..#.# The template we should use for temporary files when launching an application.# to view a document of given type..#.temp.file.template: c:\\temp\\%s..#.# The "real" types..#.application/octet-stream: \..description=Generic Binary Stream;\..file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz..application/oda: \..description=ODA Document;\..file_extensions=.oda..application/pdf: \..de
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):149195
                                                                                                                                                                                                    Entropy (8bit):7.901933226373155
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:T4pT1xcQRJrf1B/dSjNlyx9igbJJQZeOIlfVXWXKQxJM:MpcQRRdB/cC/igZFRVmPxW
                                                                                                                                                                                                    MD5:D1F7A7FB0A46EDA64B92D27BF48FF07C
                                                                                                                                                                                                    SHA1:E26E4F4B326E4E1E3A47A27B10F4F7335EFECAF3
                                                                                                                                                                                                    SHA-256:2EE219B2825D2174E5A03FF15A7BC3FA2A72D6322672ABB2BC3BE2BA7153F550
                                                                                                                                                                                                    SHA-512:6034451481DCF2D4483E5EDAAE6C60197CB3A7F6C0EC726C7B0F8209632523D24ED7E4548DF2942ED18E93C2CDD08A8D4BE483D5329DD400AA97543DE2B865E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):85075
                                                                                                                                                                                                    Entropy (8bit):6.697078741574435
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:7mUlPrLpiahcdI7gSiCRnMxzXWr2j8+Gyp+dkeLLWM7Hj36yu68D5p646bd2yqVO:LlPrLpisBM1xx8Ip+vf36yu68DX646bN
                                                                                                                                                                                                    MD5:7618098477E433A3297BEEC060E38554
                                                                                                                                                                                                    SHA1:E57585E7F78F8290A534BAE6BBE85E89BF59B671
                                                                                                                                                                                                    SHA-256:75E2FCD8E5DB747C4F2619C67E9A6898B083318DBAB0B4276052593A9ED22825
                                                                                                                                                                                                    SHA-512:FC46A67C3C7E3BCB0F3E8E2611A749692FE4C2CDF1AC89B9E5013DDC6F58BBAB4D012E58CD85901F0D171C8FF5E9E5CA3C08811ABAC38D89776F67DD1B72B56E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4102
                                                                                                                                                                                                    Entropy (8bit):3.243897091480785
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:vlWAFFGFSupi94b6OtF8iXh5vkkC6/dHLX2/bVDbeEsBJ:vlWAEi94b6OtDXh5vkkW/pDHsr
                                                                                                                                                                                                    MD5:ECA8C4708672C29C2D10342225022F8F
                                                                                                                                                                                                    SHA1:F09A8C2799109DCBF797E977D45EF31D83842B8D
                                                                                                                                                                                                    SHA-256:09FCC77F1584E4222553F7AE6B6D4E6735D7950FA0DD1A7FDC8B91ABA0F53915
                                                                                                                                                                                                    SHA-512:859EB295B4922EACDC73E11C2F09BA44CD4C0557F282BF3344D90F57ED7151E36BCC343D42DCACA4D24A8814AF1C27216E13DF8F4A2D79A8F57557BA5A0266D0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):195927
                                                                                                                                                                                                    Entropy (8bit):7.794995995654731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:GS6k44yC1hyzAF5fSXXZe4ioflXor8xL7iQby10wc:wL+fy1w4iId6mL7iQbyFc
                                                                                                                                                                                                    MD5:F2E03D50317928D981B77D1B01AD2F6E
                                                                                                                                                                                                    SHA1:3F82255BA557B64664E3DBF9D8F2B6E4D611E9B2
                                                                                                                                                                                                    SHA-256:33D0959C1D4F31A23B62C6C406F04ACCA9626B3F72963C88A6D407820CB58AD5
                                                                                                                                                                                                    SHA-512:6DE0E03130F1ED9D236F300B932E2A5D83D58A0841FE5CD7FD6E569384A2034AE37150DDB0D41A2AF3B3B8C9432EF5D5427C5F36CD854DDD9DF987A89F96276C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):70234
                                                                                                                                                                                                    Entropy (8bit):6.383106447905599
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:qLpNk0QYQvWCdznpQ8Q/JIEzNbyaRUcAgNBm6OjjYIKKuSWdddddKfaW3ttapII6:Z7cIWz2PNp
                                                                                                                                                                                                    MD5:65FF11C770D16063AE896517D60EA900
                                                                                                                                                                                                    SHA1:C759CFF5E6A08AE5C232B79FF95C58FCE545F24E
                                                                                                                                                                                                    SHA-256:6707457E8D1AA16B08A77E6E44A69984EF5C784DBC8B65796D5DF80AB0C4182C
                                                                                                                                                                                                    SHA-512:D40CB1B633916AFF909255293D1B567EE353FFBBDA3517BD80D723B7FBA1225F660B20599963C83BF28036B853280A9246ED1CA23633B805357651EC64046982
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):195922
                                                                                                                                                                                                    Entropy (8bit):7.794894584105228
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:GS6k44yC1hyzAF5fSXXZe4ioflXor8xL7iQbyi0w5:wL+fy1w4iId6mL7iQbyg5
                                                                                                                                                                                                    MD5:F31BE727C15312BB50BAA9A60003594B
                                                                                                                                                                                                    SHA1:1DC4BCBE28572E8D72D1AFED9731D32A7985AE99
                                                                                                                                                                                                    SHA-256:2868CAAFFCF13AE3D6D22831668E19D4200593190A1B88B714B62B3E47AC537D
                                                                                                                                                                                                    SHA-512:387B314F64F5BA5C72BE7F1E834A62B8B72A984A36EE9DD53AA538FC26E2C343CBA6E2485D15F517BD403E285455108D303B88D2DB1D246F5990422A461FA1B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):70222
                                                                                                                                                                                                    Entropy (8bit):6.382726302295152
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:m/ppu0QYQvWCdznpQ8Q/JIEVNbyaRUcAgNBm6OjjYIKKuSWdddddKfaW3ttapII6:j7cIMz2TNp
                                                                                                                                                                                                    MD5:085CAB8B3C0D6AE59B3FDC2B09CA7B2C
                                                                                                                                                                                                    SHA1:C9D1AA28415E4FC44C8935E2AF8DAC6B950F7C23
                                                                                                                                                                                                    SHA-256:352F6C64C4742C49194EA23E75867C97DD445CA0ED3C29747A1B3149E05B8238
                                                                                                                                                                                                    SHA-512:158F06E74FAEC63406FC8A968A0CF23A34013877C2F44C94AB1FB2BF0F9E928741CAFEEA658A104BD87D4CF68BAC2B812486F8D73E163D4469B4BB6099D69125
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3837771
                                                                                                                                                                                                    Entropy (8bit):7.9714359722078125
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:+oRNd6cE1yq8004FdirZIz8D0BwvzaA6qCP2LSAl5N:5Nd6IxD0B4+qVOC
                                                                                                                                                                                                    MD5:464E8A959D39D16B0E62F177F77EB7A3
                                                                                                                                                                                                    SHA1:CC8FEDB29AA80EA30F144EC6F1FD5594FAC83622
                                                                                                                                                                                                    SHA-256:70DDA4E2247E7A7D8E78501679AC89CA3214D8A98EC8F332B9FBBD043FE88857
                                                                                                                                                                                                    SHA-512:515872ADDF16A1EA2FACF5C7AB70B987669D8CFA102705149528084375064BA9CA272B0D48EB7AE3774581524CCA4C517C6BE092CE1912BADE9A36355662E05D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4060828
                                                                                                                                                                                                    Entropy (8bit):5.654180568220739
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:RkSov8bdfSAY3YQMhHBUmrMYHt+e1et++e:2Ebd6AY+BzrJH4e1qC
                                                                                                                                                                                                    MD5:FB3B52A77CD7D5C06AB18417B880CF85
                                                                                                                                                                                                    SHA1:16B32390DD4B20F215E9BD4652451AE110408DBC
                                                                                                                                                                                                    SHA-256:D316BC002FA5A15622C5D4076F74A8F97FEC63D4EFBB9446E9CEA101C66C051F
                                                                                                                                                                                                    SHA-512:6A1ADB2B9D6969840277588C93F299C22AD167AC9CB3D4C4AE2B94D49A2E3301502EA54E2EB62B74B97D0324028E9BB6455EC078824D1EC9B5D6C02B3E2D9CA9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):43747
                                                                                                                                                                                                    Entropy (8bit):7.9086672339230155
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:/+hKBewens5WLrCjBaYLAr/PRRzCBxAIjlJsHhj2smrQ:/sweCXLADRRWBxA4J98
                                                                                                                                                                                                    MD5:78E7E96C457DACD63FF8B91B18A18D94
                                                                                                                                                                                                    SHA1:7DEEB6B1BB9CD5DD8E88E89B104036FB11A3A6E7
                                                                                                                                                                                                    SHA-256:CEF2CCB8962A6D995E98DF38C0370B0685A20DBA56D492789535F075837664FE
                                                                                                                                                                                                    SHA-512:49278B823990C58A66513F09A2DCAD30BA512A48F7529EEDEE1147E4CFBD9961908063F08C8B1CD51871F5D6D22D1450A32DF1D762CA99895FB879AA2E1089E5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36458
                                                                                                                                                                                                    Entropy (8bit):6.567566779227993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:L+eNocIxRNMNo8CDYhYUZ1d3Vh6yDZvi7dmXypppppppppppppppppYppppppppc:VN3IxRGND1hZ1d3Oamdm9hKaE
                                                                                                                                                                                                    MD5:266B3CD165141350C4E97F70DE125B8F
                                                                                                                                                                                                    SHA1:38FB1CA72F034B4BDAD5AFF7D8F4A100FB4C6924
                                                                                                                                                                                                    SHA-256:6E6E99BD2D0F532F3C297ECC2E14CC5379E4F86DE78BDF8CC6615EC63992CCB2
                                                                                                                                                                                                    SHA-512:E1CC802757FF4D3A3DEB64992188F60FF5841BED1D5351DBF39833A686B218B9BE93F73D3C656601150EBDD60337EBA84C2F98CED46A8190F1C62B4B7678A080
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):428740
                                                                                                                                                                                                    Entropy (8bit):7.944198443680966
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:X1H8fn8lnoHhvwUPfveUFn6GxiPdAIl7o:XF8nWE4keu26Iu
                                                                                                                                                                                                    MD5:80558729BB2EDFC3B03B8DEE73D527B4
                                                                                                                                                                                                    SHA1:521D59E97A3E254ECD9DD06B213AC0FDA4C2983A
                                                                                                                                                                                                    SHA-256:F17139ECB92B94A2A3909A5A2F2C8A5FEEE9AFAF25E8CD2B5A8AB0FD3DD73C9E
                                                                                                                                                                                                    SHA-512:80E5785BEB2DE61EA8CC9882E94E3ABF99917556467EBF935297A9E0F7376B313850CDB0FFEA2D98ADA9DB8C6B3A6104572399667E8CFDE0CD537775E445B0AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):278135
                                                                                                                                                                                                    Entropy (8bit):6.6939320673272364
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:wkRW6Sp+RI7HP7YJXv50+ACy1av07m2WtozTItNBW:Jc887s5vf0auJ
                                                                                                                                                                                                    MD5:3B997068ED80236BA82703B7C8275621
                                                                                                                                                                                                    SHA1:63D2BBCA29231220D5BEB285C9CF263B4C93ACB9
                                                                                                                                                                                                    SHA-256:40799E64DA3944F75DDB8E9A378C7D37FE8C94183F173717B2F08DAD865CF89D
                                                                                                                                                                                                    SHA-512:C67CA18A538EA12E0032728E575F25B11DA6B847EC3ECCCEB59C53D18EDDBC4D711D4684E8F60ED0DA6E7149AB31A9F8C04EF45F5C5792CEB749C3F7E5B7DDB4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1161
                                                                                                                                                                                                    Entropy (8bit):4.9989067691345825
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:EV677x6CFRf08P86xXFN4jKR980Cm/pvCbJq/LlIrT6/pNmV3UZRV3zVCY5ql/:EE796OfT0OojEGKgMluabe3cb3BCV
                                                                                                                                                                                                    MD5:AC45961E12DECC0F0994067900F94551
                                                                                                                                                                                                    SHA1:B09AC9EA1AFC676C8B2884DD1C7E747EAF9C7039
                                                                                                                                                                                                    SHA-256:DA638BF6B096220011DC0E5ECD5AEFF20A75BA00443C8BE39B55EE815322957B
                                                                                                                                                                                                    SHA-512:EE2B736EA4B5C4FC11EE9F98A0A3197B4BF94A675907DC3DE4F75842706F919BD558CA59CE9F30D0FCC149F280F6C937DA0F312F083BB39C7794CB6B43D26DD8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..sun/net..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..! jaccess.jar..com/sun/java/accessibility/..# legacy8ujsse.jar..META-INF/maven/org.openjsse.legacy8ujsse/legacy8ujsse/pom.xml..META-INF/services/java.security.Provider..org/openjsse/..META-INF/maven/org.openjsse.legacy8ujsse/legacy8ujsse/pom.properties..# localedata.jar..sun/text..sun/util..# nashorn.jar..META-INF/services/javax.script.ScriptEngineFactory..jdk/nashorn..jdk/internal..# openjsse.jar..META-INF/maven/org.openjsse/openjsse/pom.properties..META-INF/maven/org.openjsse/openjsse/pom.xml..META-INF/services/java.security.Provider..org/openjsse/..! sunec.jar..sun/security..! sunjce_provider.jar..c
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1319827
                                                                                                                                                                                                    Entropy (8bit):7.901578742137776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24576:kZuNn4pYhFTDB+qCmTIyhehSwZhj+LZYmlf8xq54qD8Cc:1N0YHBPibRZgtaCVYv
                                                                                                                                                                                                    MD5:A2DD6BACED76FE17EF8DB6D6A6DCA1EC
                                                                                                                                                                                                    SHA1:26E46D9FB59464F895DA1474ED0C545831311BD0
                                                                                                                                                                                                    SHA-256:47545A341A3E7B99164150D000607E10B7B3A16CAF3320090FC1E5C6128C13E1
                                                                                                                                                                                                    SHA-512:A9472630786CA3369C3E1D9303B5430EB744C962D7287B95D75CAAF00D15EF735C985E5093CC2D36DABFCCAAB2782210F71EEC1BE3CD1CC05886EAA969DDC947
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):594658
                                                                                                                                                                                                    Entropy (8bit):6.579262535907251
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:x7M0OZX224seLcjlbvXd8I6+DwJlZ3yrwgNc7GuffND7votTItNUT:xAhXksdll84MlZiOQ
                                                                                                                                                                                                    MD5:558A800E89BC6C647E2909A0C91DD9F8
                                                                                                                                                                                                    SHA1:8FCFEC1B4E704661FF0C7599E0EE2EC60C69088C
                                                                                                                                                                                                    SHA-256:EC51166A6F4796DE2283DE2A59E9143D953FE37BF9ABBC71873A3978DBEC85DB
                                                                                                                                                                                                    SHA-512:19E585B8D1C13AB511EE66615442FB2BCE3BB529225B623271A8F27A58D76D541434AC02B619D55BBCA03F1F9ADAE94745BC1F2504EADC7F00220B49BA6C13BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38727
                                                                                                                                                                                                    Entropy (8bit):7.892056635541057
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:AVsF4r80HrW6ihlo3+2mq/gR4SlKNJVyt/g4POO36tR6BliHs7xZhFo860r8Vxu/:Anr80HC6863+2m/NADytg4PH6DsliHah
                                                                                                                                                                                                    MD5:49C04707BFE8AB4D9ACBDEA575298FA3
                                                                                                                                                                                                    SHA1:C0B2748E9FD21FA1CC63149622A48031A80A413C
                                                                                                                                                                                                    SHA-256:755D5F65D97F90514398F71402CA22CF4810057CB362B9879C9D6EB35B8CFE89
                                                                                                                                                                                                    SHA-512:54FE70DB2AA461F6231B40AD5E790A045DCFB570EBE2A753435C2DFC5689976CF5853BFCD12CBDB5520238BF5B18B27EF1A723639D034376ABECC46AE9893E94
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):269185
                                                                                                                                                                                                    Entropy (8bit):7.893002717450154
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:vWwe9awevUC/8yzo2h05nRMsw7VTKHsRiFxIdL5Z7b3I:v+9J1C/8yo2hsRBwssRiFSV3I
                                                                                                                                                                                                    MD5:C1EF20EB01C6510836801453AB45BE72
                                                                                                                                                                                                    SHA1:F39E4B1A89A086B234590B059A31B659994ED8A5
                                                                                                                                                                                                    SHA-256:04D517530607FB10CDF6869BF0DBD19F6241A952505E156DC6C3A88BBFCBB1B5
                                                                                                                                                                                                    SHA-512:D7A70846CF622E7562E14ACFF1CC3FD84FF9F113457B72F1411E39EF5B0926D3CEB04DB13EBB84028EF6742251125B833130ABD048ADA23FCD957C38C14A0843
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):43038
                                                                                                                                                                                                    Entropy (8bit):7.873703776451889
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:4YGNjBvF8N2fivAZ76Lzl174BXGUEbIffFrNYgZwj5T0HpkFiiyy8Je/8g49vr0n:4YGNjxmN2kAZ76LzlqBXziInFrNY6QVl
                                                                                                                                                                                                    MD5:E862F2417B9E605077B14BD40870F81B
                                                                                                                                                                                                    SHA1:B1AF847865894E4ACA999CF15254950A3ADBC66A
                                                                                                                                                                                                    SHA-256:C5A5DCED73B692EAA10278C1798AB5703871D4813781239F3AB6155783D947E2
                                                                                                                                                                                                    SHA-512:0164CFA331D7B0C469A9CC0876AE9722380DD63F19E08F12A1BB8E1C9C989E704D76C12A226CB4A90D09A57B0AB7C6BDB3F7CF4549F99A5F8DF6EF104E490864
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22155
                                                                                                                                                                                                    Entropy (8bit):6.586447506078291
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:2nW+lH/HBPpyuH75nreZzZixpfieL68CqEgjpdcnGGx5Lc:0p/HBPpHH75nreZzZip6025LI
                                                                                                                                                                                                    MD5:EE900003BB298D82C1C1AB65BF0D1038
                                                                                                                                                                                                    SHA1:CE744E382E9327F49527E4753BD9A316668BB836
                                                                                                                                                                                                    SHA-256:9D37087D57531C4C8438C3FA64A506B08F71B5CB5462BFF59D653D06D1170B22
                                                                                                                                                                                                    SHA-512:845968C8192DE9CA2A78C9DA05041138EAC5F80252B3CB1680B3CE2F0FDCA99F68FAB65F7FBEFE71B8F0F953DC3BEC4AD23708B1DDE8E387525911DFAA16B5B3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):269482
                                                                                                                                                                                                    Entropy (8bit):7.953304084136931
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:B4U71wLBndmc1vO3w3A2Km9mS8GvlTDe00kt5m:OUJwVnMcPgmMS8mlH1nm
                                                                                                                                                                                                    MD5:3B484D613B13097DF94FC02830625FE3
                                                                                                                                                                                                    SHA1:2AE78E428005A2AA4C1C186E13B015ED8F626D98
                                                                                                                                                                                                    SHA-256:0370BFD5C5B93A86D4AB384BD1954833B663037F922DFFDD145B0C4708848F15
                                                                                                                                                                                                    SHA-512:2696A1673C62B9E0B87F417B441BABBAE55DCFA36F631FEE0907E8AB61E4D004A0A273668FE15474A7ADB0D48A7009B58783E8173EB8BD73481F75F5B1293A1A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):168111
                                                                                                                                                                                                    Entropy (8bit):6.586604366610371
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:a+/ZoB/6tYyDMjoE0gtsxYZ4tn5NB/5WGob44j44L4EnkQ4444xvqhfCM/G7vpsT:asViDpsxCehZC8EmYbykjuyWvO8V9P
                                                                                                                                                                                                    MD5:F70F2E791C4BC4F97E0CFD293EFDFB00
                                                                                                                                                                                                    SHA1:A5F9F5590777CFC7DE8B7808F88FDA67DCB3808A
                                                                                                                                                                                                    SHA-256:DAB578370C83BB0F88DA5446C17C45CA2F173483AE7849CF1E1078651C5B3AE8
                                                                                                                                                                                                    SHA-512:E501635BB7B1A1CB9F61241A14F3EF0E7AAEF20C93CEA91167B1C7DCA2D872FBB0D03990976598D06DC4F7BEE9FC1DACE90A404CA5BCAECE92E99E6B7F7A0CF4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3928
                                                                                                                                                                                                    Entropy (8bit):4.86616891434286
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:pTgwOsORUjdjTD6QfxWkVIyiVyV2mjuVwwY:Jgw5TjdjTtpWk6ylV2zwwY
                                                                                                                                                                                                    MD5:D8B47B11E300EF3E8BE3E6E50AC6910B
                                                                                                                                                                                                    SHA1:2D5ED3B53072B184D67B1A4E26AEC2DF908DDC55
                                                                                                                                                                                                    SHA-256:C2748E07B59398CC40CACCCD47FC98A70C562F84067E9272383B45A8DF72A692
                                                                                                                                                                                                    SHA-512:8C5F3E1619E8A92B9D9CF5932392B1CB9F77625316B9EEF447E4DCE54836D90951D9EE70FFD765482414DD51B816649F846E40FD07B4FBDD5080C056ADBBAE6F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# This properties file is used to initialize the default.# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-.# specific, default mappings between common Win32 Clipboard atoms and platform-.# independent MIME type strings, which will be converted into.# java.awt.datatransfer.DataFlavors..#.# These default mappings may be augmented by specifying the.#.# AWT.DnD.flavorMapFileURL .#.# property in the appropriate awt.properties file. The specified properties URL.# will be loaded into the SystemFlavorMap..#.# The standard format is:.#.# <native>=<MIME type>.#.# <native> should be a string identifier that the native platform will.# recognize as a valid data format. <MIME type> should specify both a MIME.# primary type and a MIME subtype separated by a '/'. The MIME type may include.# parameters, where each parameter is a key/value pair separated by '=', and.# where each parameter to the MIME type is separated by a ';'..#.# Because SystemFlavorMap implements Flavor
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3778
                                                                                                                                                                                                    Entropy (8bit):4.414193396978289
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:iX1WWWWctdpSD55JAQ7Wn6JBl7BWBBTirVYa5qaZcZFRj2:iX1WWWWc3U5OsvfuBTi5KK
                                                                                                                                                                                                    MD5:48B8858D27494A66594B59695D6DC60B
                                                                                                                                                                                                    SHA1:1D3BFF1E17EF6B5563CBD0762C2867B36FBDAD95
                                                                                                                                                                                                    SHA-256:3F1792188AE901ECA47B64728776D35095DC0220D5C929D0DA99A2427877C3B2
                                                                                                                                                                                                    SHA-512:5D814990CFF9F787723C629E22B30A2ABFC9C8DF0A712C2A7CB7B11EC52DDB083CB67C2158EEEA2CC03D763AA308C9A271AC7CB7C88A96E4E4C029DD95B7656C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11575
                                                                                                                                                                                                    Entropy (8bit):5.215183795812278
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:XThf+e6a1nsNi8bTeOiO/Ywca9nB2RwhCdvBQGuo6wj:XThflnHIR9B2Rwhifj
                                                                                                                                                                                                    MD5:D4D5981664D4CB0EBCB6F3BF63505B29
                                                                                                                                                                                                    SHA1:4720B7407706F4E0D80CB458194E74F8FC3B83F1
                                                                                                                                                                                                    SHA-256:F13DF9360E93B24820B24652473F6CB0F4F70FC346AA3B408ACB94ED59CAC0AC
                                                                                                                                                                                                    SHA-512:3658FF76C882511E7EE3821BBD31C3CE0D3FF263CE5F69659F54732667CBB9148ADFBD0BBAEA916071E1D38DB671BF6DDAC84DDD3362CFF0DDF21C7CC1240DF2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# .# Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor,
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14959
                                                                                                                                                                                                    Entropy (8bit):3.6828553232288717
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:S8ThI1EgZass+YXdGOS8NhN9Yd9Yq67IwOYUuUS9O0:bThpyJO/BFi9YqAInYUuUmO0
                                                                                                                                                                                                    MD5:7B451352F9F9EAC657D963C5D2921DDA
                                                                                                                                                                                                    SHA1:D8C664AC3E18A044465B4F76311661A4F7F045A2
                                                                                                                                                                                                    SHA-256:3456982DE9EBA535337852F02852E26E4ED197EBD9D8356977E6DA4ED9075538
                                                                                                                                                                                                    SHA-512:822BE7D4E40408DCB0788EFC521FB13EAF3650DB4F934CFBD37D00C0026D35D254CF415D5AD7273C78FCED84A582BCCF101E413C0686095CDDE4BFA93F883E13
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Boston, MA
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1620
                                                                                                                                                                                                    Entropy (8bit):5.002361732088542
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:QhDoH/2QHrQEQtmKy/aOkHtbVJyqTbVKm2YPcH0nm3XWNXOoXHjifIBMB1XqfI77:brHIty/qHh+m2YPOWj2fL1Xqfc7
                                                                                                                                                                                                    MD5:B8076CF8E6635A1387956AB123797171
                                                                                                                                                                                                    SHA1:D23060FE12F5FF5CC22948CBFA1D725F8E2323B8
                                                                                                                                                                                                    SHA-256:5598FBB38E2FD8681BD6630EB355D846D14B0ACAFF292742D3ABE99916A929E9
                                                                                                                                                                                                    SHA-512:9723AF759ED0E4FC2055A9F29FC4D0F4A421C6AE8F10C9EFC1D48078E6FC14E6C1177FE7A8CFDA49EF771F8BCDEB3F9E8C3AFB0ADB052AAABC43A5C889798DE9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Bosto
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1280
                                                                                                                                                                                                    Entropy (8bit):4.9763389414972465
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:RlwQtG0Bf29d3ptAMZGpfFGZWpHN07mBpQKf4TpxV4jp504Tz8pFMafpXs:RlwQM0BfEpZSKyCycXW44Cfy
                                                                                                                                                                                                    MD5:269D03935907969C3F11D43FEF252EF1
                                                                                                                                                                                                    SHA1:713ACB9EFF5F0B14A109E6C2771F62EAC9B57D7C
                                                                                                                                                                                                    SHA-256:7B8B63F78E2F732BD58BF8F16144C4802C513A52970C18DC0BDB789DD04078E4
                                                                                                                                                                                                    SHA-512:94D8EE79847CD07681645D379FEEF6A4005F1836AC00453FB685422D58113F641E60053F611802B0FF8F595B2186B824675A91BF3E68D336EF5BD72FAFB2DCC5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.#.# Cursors Properties file.#.# Names GIF89 sources for Custom Cursors and their associated HotSpots.#.# Note: the syntax of the property name is significant and is parsed.# by java.awt.Cursor.#.# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>.# Cursor.<name>.<geom>.HotSpot=<x>,<y>.#. Cursor.<name>.<geom>.Name=<localized name>.#.Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif.Cursor.CopyDrop.32x32.HotSpot=0,0.Cursor.CopyDrop.32x32.Name=CopyDrop32x32.#.Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif.Cursor.MoveDrop.32x32.HotSpot=0,0.Cursor.MoveDrop.32x32.Name=MoveDrop32x32.#.Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif.Cursor.LinkDrop.32x32.HotSpot=0,0.Cursor.LinkDrop.32x32.Name=LinkDrop32x32.#.Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif.Cursor.CopyNoDrop.32x32.HotSpot=6,2.Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32.#.Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif.Cursor.MoveNoDrop.32x32.HotSpot=6,2.Cursor.MoveNoDrop.32
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                    Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                    MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                    SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                    SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                    SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):165
                                                                                                                                                                                                    Entropy (8bit):6.347455736310776
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                    MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                    SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                    SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                    SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                    Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                    MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                    SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                    SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                    SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):168
                                                                                                                                                                                                    Entropy (8bit):6.465243369905675
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                    MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                    SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                    SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                    SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                    Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                    MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                    SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                    SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                    SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):147
                                                                                                                                                                                                    Entropy (8bit):6.147949937659802
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                    MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                    SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                    SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                    SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):153
                                                                                                                                                                                                    Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                    MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                    SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                    SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                    SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):97684
                                                                                                                                                                                                    Entropy (8bit):7.892349044360256
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:2nJeNOC2BVYGSJKyYDuRRzt6se6s3vWYmd/VLDU0w/jTsaiW7e9pJWjKpzFQTx8k:hj2BVYUuRR5G3utVLSTiW7e5Lyd
                                                                                                                                                                                                    MD5:D60BFE30C268A52522A905B519FB0CC7
                                                                                                                                                                                                    SHA1:A0E350437EE482884694E6C53266D7039F7781D8
                                                                                                                                                                                                    SHA-256:A4AE9C4EAF8873FDD2BA9091D7E95D045B95607CBA49D7BC0EF5AF89BDBF80DD
                                                                                                                                                                                                    SHA-512:DCD42C786D23612340A60BFD0B059F8B41196CF7E55A901AF8E2811A21476F2FBAD5C2851AF3012CADB9173262ADD9D4F36173489E882271F26271086F201B89
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK........b[.R................META-INF/......PK..............PK........b[.R................META-INF/MANIFEST.MFu.AK.1.....9*.X.Ts..V..+^%dg!.L.d.t....j.z..x.{..|...3.......)....Hly:.'........G...|N4Cg.I.R/^..J.}..w.}..l.![...).)..~...`.K9B.k.....\...KQ.aB6GF.....).u.<j......)..-c.V..e.....`?..X..!./..1.......PK...%P....q...PK.........Z.R............&...javax/crypto/AEADBadTagException.classm..J.@....[$............."Bk..d(#qR.T.c.*...|.....?A\..s~..w..}...8D.F.+FV-.YX'Tc.)..2.U....&.:.....W.S..<....l~..gJ..m.\'.%..WZ.L.F2..Q.N........;.$Rz|j.. .F..T..h.......7..$.'..X.6......9^.4IB..".......A.Y.5@.B.....2X.E....N.'..7..4Pb...Z|.^.......I..#...q.1;.....PK..|99.........PK.........Z.R............&...javax/crypto/BadPaddingException.classmOKJ.A.........+.Bb.G!+..... B4..L.Z..3#..<....<.{..E..Cp!...W........@.u.9,YX.b..UB-.F.` M.B}wyJ.+B...(.:.. .......L(.*..cB..= ./....:y.Js+..+.f.^<.7.z..c...c.N?L.'.5....F.>/.&.....].+.....a....3.q...$.[iU$..x.^H-.....
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1922222
                                                                                                                                                                                                    Entropy (8bit):5.954292610990907
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:XeP3N5Yk/oPN6BUZGxu002wAZuEOTsikQoYpwmrrTR7Z:XS3I9Gxndu5kQV7p7Z
                                                                                                                                                                                                    MD5:ABA762047180D748D13038C79A297273
                                                                                                                                                                                                    SHA1:2149FDCAC374A7571FE5F838DECD9F78159A8B8E
                                                                                                                                                                                                    SHA-256:452BED925863A3686BC9EC5CAEDF73668BB3B6347F13C6C5C48A93B33C76E6E2
                                                                                                                                                                                                    SHA-512:8CC67B7BFDD045C040E560B3A0D07C9D8E5510CF18A9AAF59BD468614004E16389CBE06E4D5DDD689CF26AA4FE6939BD474CECD6EC7F630E109185C3B6B89770
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK.........[.R .M0...0.......META-INF/MANIFEST.MF....Manifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....PK.........[.RJ..E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4.....()V...()Z...<init>...J..%com/sun/net/ssl/internal/ssl/Provider...install...isFIPS...serialVersionUID...sun/security/ssl/SunJSSE.,..c".J-.........(Ljava/lang/String;)V...(Ljava/security/Provider;)V...........................................Code...ConstantValue...LineNumberTable...Provider.java...SourceFile.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.).......................................8.)...................................
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):374065
                                                                                                                                                                                                    Entropy (8bit):6.65604835985926
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:eW31G1XEPjwafKNYge+i0mca9KZfH9D0GCCCCbNuamI+o3Uz3U5am8zEXECb1kb2:z3EhafeYg3cceKZfHTuf55rkA8
                                                                                                                                                                                                    MD5:D0B67B9950CC7C430F718B97D1FA5E9E
                                                                                                                                                                                                    SHA1:570611A0CDCFEB970154F06EFC39900B09A25E5D
                                                                                                                                                                                                    SHA-256:F98DDEFF204BE7F6FF1B302476C0CB2D798AE6DFF177CF3785F7A783671E184E
                                                                                                                                                                                                    SHA-512:154D86BA9963B64B298E544A836F9266637C04DCD9DA947404AA3BA5B47D50FE6031709173F16AFAFCD909644865B0711018E8FACB428A68608294D3D92AD74D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Algol 68 source, ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4226
                                                                                                                                                                                                    Entropy (8bit):4.708892688554676
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:CYrYJDrYJ+RvJ3z3d9uGG7hPxTRnhTbraYfwE5DyK:CYrsDrsgvJ3z3buGG7LvSmhDz
                                                                                                                                                                                                    MD5:C677FF69E70DC36A67C72A3D7EF84D28
                                                                                                                                                                                                    SHA1:FBD61D52534CDD0C15DF332114D469C65D001E33
                                                                                                                                                                                                    SHA-256:B055BF25B07E5AC70E99B897FB8152F288769065B5B84387362BB9CC2E6C9D38
                                                                                                                                                                                                    SHA-512:32D82DAEDBCA1988282A3BF67012970D0EE29B16A7E52C1242234D88E0F3ED8AF9FC9D6699924D19D066FD89A2100E4E8898AAC67675D4CD9831B19B975ED568
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:.. - Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer... - Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... - Neither the name of Oracle nor the names of its. contributors may be used to endorse or promote products derived. from this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS.IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,.THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR.PURPOSE ARE DISCLAIMED.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2455
                                                                                                                                                                                                    Entropy (8bit):4.47026133037931
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:EmdS5PQQL8pRNYHjVsnkYXxtOGh1xdvjMgxH:G9NL3HjVLG1XrM8H
                                                                                                                                                                                                    MD5:809C50033F825EFF7FC70419AAF30317
                                                                                                                                                                                                    SHA1:89DA8094484891F9EC1FA40C6C8B61F94C5869D0
                                                                                                                                                                                                    SHA-256:CE1688FE641099954572EA856953035B5188E2CA228705001368250337B9B232
                                                                                                                                                                                                    SHA-512:C5AA71AD9E1D17472644EB43146EDF87CAA7BCCF0A39E102E31E6C081CD017E01B39645F55EE87F4EA3556376F7CAD3953CE3F3301B4B3AF265B7B4357B67A5C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property. .# For example java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma separated list of log Handler .# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):382
                                                                                                                                                                                                    Entropy (8bit):4.965830143875437
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:5j/lkB4r/Rj/lczbdy/zsOw1a3fUaUZTXZ5vTxx/lqm4x/dl5lgxmzbdGh/7:5j/KGJj/Gqzjy8fuTfTxt4t/56x2K/7
                                                                                                                                                                                                    MD5:6F58574A7175A51F3CA225B01757F7E3
                                                                                                                                                                                                    SHA1:31E7BF6E2A00F8841C94B47704FAE6E872C2AD19
                                                                                                                                                                                                    SHA-256:16D79691619AFF462DC4B5CA32E4C33298612C4E4A4556A81D89BFA4865DA5C9
                                                                                                                                                                                                    SHA-512:16505E1225ABDDB05A79ADE6247AE4BB4C6F4461303B4C6C4767EC72488376E958104C656BEE84DADB91BB0389F3F196024E8465D4378A68EE9BE431AFD64C23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK.........[.R................META-INF/......PK..............PK.........[.R................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3...(J.M...u.I,..R(....M.KLO.M.+.sL...\`........].J...z..F.F...U.9....%...:..y.z..\.\.PK..8*.Pl.......PK...........[.R..............................META-INF/....PK...........[.R8*.Pl.....................=...META-INF/MANIFEST.MFPK..........}.........
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3998
                                                                                                                                                                                                    Entropy (8bit):4.420205717459709
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:OWi7j79eK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQgQX+dv:OWiv7b8rNXE+wusxr9m5WZuVDv
                                                                                                                                                                                                    MD5:F63BEA1F4A31317F6F061D83215594DF
                                                                                                                                                                                                    SHA1:21200EAAD898BA4A2A8834A032EFB6616FABB930
                                                                                                                                                                                                    SHA-256:439158EB513525FEDA19E0E4153CCF36A08FE6A39C0C6CEEB9FCEE86899DD33C
                                                                                                                                                                                                    SHA-512:DE49913B8FA2593DC71FF8DAC85214A86DE891BEDEE0E4C5A70FCDD34E605F8C5C8483E2F1BDB06E1001F7A8CF3C86CAD9FA575DE1A4DC466E0C8FF5891A2773
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:######################################################################.# Default Access Control File for Remote JMX(TM) Monitoring.######################################################################.#.# Access control file for Remote JMX API access to monitoring..# This file defines the allowed access for different roles. The.# password file (jmxremote.password by default) defines the roles and their.# passwords. To be functional, a role must have an entry in.# both the password and the access files..#.# The default location of this file is $JRE/lib/management/jmxremote.access.# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# (See that file for details).#.# The file format for password and access files is syntactically the same.# as the Properties file format. The syntax is described in the Javadoc.# for java.util.Properties.load..# A typical access file has multiple lines, where each
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2856
                                                                                                                                                                                                    Entropy (8bit):4.492265087792545
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:MGS+Hpamow7YNkjP9YZAuFovuAnNpG1GMV/BWEUHXYE9nN6k5:Mdm7RT9tvuAnujaE0rN6g
                                                                                                                                                                                                    MD5:7B46C291E7073C31D3CE0ADAE2F7554F
                                                                                                                                                                                                    SHA1:C1E0F01408BF20FBBB8B4810520C725F70050DB5
                                                                                                                                                                                                    SHA-256:3D83E336C9A24D09A16063EA1355885E07F7A176A37543463596B5DB8D82F8FA
                                                                                                                                                                                                    SHA-512:D91EEBC8F30EDCE1A7E16085EB1B18CFDDF0566EFAB174BBCA53DE453EE36DFECB747D401E787A4D15CC9798E090E19A8A0CF3FC8246116CE507D6B464068CDB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# ----------------------------------------------------------------------.# Template for jmxremote.password.#.# o Copy this template to jmxremote.password.# o Set the user/password entries in jmxremote.password.# o Change the permission of jmxremote.password to read-only.# by the owner..#.# See below for the location of jmxremote.password file..# ----------------------------------------------------------------------..##############################################################.# Password File for Remote JMX Monitoring.##############################################################.#.# Password file for Remote JMX API access to monitoring. This.# file defines the different roles and their passwords. The access.# control file (jmxremote.access by default) defines the allowed.# access for each role. To be functional, a role must have an entry.# in both the password and the access files..#.# Default location of this file is $JRE/lib/management/jmxremote.password.# You
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14630
                                                                                                                                                                                                    Entropy (8bit):4.568210341404396
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Fqsmpsj42wbZTHV+Dq3xtP3xPqaNC/R1a:wsmpsjL0ZTHV++3xtpi68Xa
                                                                                                                                                                                                    MD5:5EDB0D3275263013F0981FF0DF96F87E
                                                                                                                                                                                                    SHA1:E0451D8D7D9E84D7B1C39EC7D00993307A5CBBF1
                                                                                                                                                                                                    SHA-256:3A923735D9C2062064CD8FD30FF8CCA84D0BC0AB5A8FAB80FDAD3155C0E3A380
                                                                                                                                                                                                    SHA-512:F31A3802665F9BB1A00A0F838B94AE4D9F1B9D6284FAF626EBE4F96819E24494771A1B8BFE655FD2DA202C5463D47BAE3B2391764E6F4C5867C0337AA21C87C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#####################################################################.#.Default Configuration File for Java Platform Management.#####################################################################.#.# The Management Configuration file (in java.util.Properties format).# will be read if one of the following system properties is set:.# -Dcom.sun.management.jmxremote.port=<port-number>.# or -Dcom.sun.management.snmp.port=<port-number>.# or -Dcom.sun.management.config.file=<this-file>.#.# The default Management Configuration file is:.#.# $JRE/lib/management/management.properties.#.# Another location for the Management Configuration File can be specified.# by the following property on the Java command line:.#.# -Dcom.sun.management.config.file=<this-file>.#.# If -Dcom.sun.management.config.file=<this-file> is set, the port.# number for the management agent can be specified in the config file.# using the following lines:.#.# ################ Management Agent Port ################
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3376
                                                                                                                                                                                                    Entropy (8bit):4.371600962667748
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:MkX7W6+IX6XXZAHAvuAn97+onkFOqRCjEhd//SVBteM8hq/unuxsIsxuEAJw2n:MU6bpjvuAnEokSIU/uuxJn
                                                                                                                                                                                                    MD5:71A7DE7DBE2977F6ECE75C904D430B62
                                                                                                                                                                                                    SHA1:2E9F9AC287274532EB1F0D1AFCEFD7F3E97CC794
                                                                                                                                                                                                    SHA-256:F1DC97DA5A5D220ED5D5B71110CE8200B16CAC50622B33790BB03E329C751CED
                                                                                                                                                                                                    SHA-512:3A46E2A4E8A78B190260AFE4EEB54E7D631DB50E6776F625861759C0E0BC9F113E8CD8D734A52327C28608715F6EB999A3684ABD83EE2970274CE04E56CA1527
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# ----------------------------------------------------------------------.# Template for SNMP Access Control List File.#.# o Copy this template to snmp.acl.# o Set access control for SNMP support.# o Change the permission of snmp.acl to be read-only.# by the owner..#.# See below for the location of snmp.acl file..# ----------------------------------------------------------------------..############################################################.# SNMP Access Control List File .############################################################.#.# Default location of this file is $JRE/lib/management/snmp.acl..# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# or by specifying a system property (See that file for details)..#...##############################################################.# File permissions of the snmp.acl file.##############################################
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2657
                                                                                                                                                                                                    Entropy (8bit):4.956572925418022
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:EE796OfeN4CBymXg5iRJtPm7M8Z3KJT2VSQifDGr87KA1U:Enr4uymXg5iRrPmA8xKJT2VSvfDz7KGU
                                                                                                                                                                                                    MD5:568CDFA1DBBFB0322C1DEEC272704AC6
                                                                                                                                                                                                    SHA1:122A8A3C7C612D9EC613C673078707C30E5FF295
                                                                                                                                                                                                    SHA-256:A20767D8F612A84B037E96A4094F0CE3B03C41921A5F49D2D57B508A809BE837
                                                                                                                                                                                                    SHA-512:5CF92E845D073A73CFDA3D21BCD1F4A398BC4F7BA72482F8BD7EFED4FC3F136BB60344DCD85613484D9FF150083F587102FD9BBC6F3E74DFEC72BE4F70EDF90F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/awt..sun/nio..# crs-agent.jar..META-INF/maven/com.azul.crs/crs-json-tool/pom.xml..META-INF/maven/com.azul.crs/crs-json-tool/pom.properties..META-INF/maven/com.azul.crs/crs-log/pom.properties..com/azul/..META-INF/maven/com.azul.crs/crs-z-agent/pom.xml..META-INF/maven/com.azul.crs/crs-client/pom.xml..META-INF/maven/com.azul.crs/crs-client/pom.properties..META-INF/maven/com.azul.crs/crs-shared-client-client/pom.properties..META-INF/maven/com.azul.crs/crs-shared-client-client/pom.xml..META-INF/maven/com.azul.crs/crs-z-agent/pom.properties..META-INF/crslog.channels.cfg..META-INF/maven/com.azul.crs/crs-log/pom.xml..! jce.jar..javax/crypto..sun/security..# jfr.jar..jdk/management..jdk/jfr..! jsse.jar..com/sun/net/..sun/security..! management-agent.jar..@ resources.jar..META-INF/services/javax.sound.sampled.spi.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5352
                                                                                                                                                                                                    Entropy (8bit):4.817652960703195
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:6AcEvVEtGObfObz3Obm0ObPOnte3CO0V+r/aJ7SFvgTzDuBnZky:YEVGG4f4z34m04Pet5m27SRgTe9f
                                                                                                                                                                                                    MD5:8BC6628D01BAD30798440CC00F638165
                                                                                                                                                                                                    SHA1:FD9471742EB759F4478BB1DE9A0DC0527265B6EA
                                                                                                                                                                                                    SHA-256:31CE7CE29C66A1696A985A197195B5E051B2C243EA83E9D1DE614F0C4B4F7530
                                                                                                                                                                                                    SHA-512:8DA3439774A07A6309F985D1A29DDA5383975BBDF6B8E2809BAB69A2C44F65D3DE2A546231ED6E183864193F834C9A7042FDCC4EE10181D0BD3891363032C242
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:############################################################.# Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitely set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true...java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment th
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3793
                                                                                                                                                                                                    Entropy (8bit):5.260880283220047
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:R8grHIty/qHh+m2YPOWK89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:yg8ThI1Y6CiPFylXLrMGyJU+B
                                                                                                                                                                                                    MD5:D4C735BF5756759A1C3BC8DE408629FC
                                                                                                                                                                                                    SHA1:67C15E05A398B4CE6409D530A058F7E1B2208C20
                                                                                                                                                                                                    SHA-256:5A4BD51B969BF187FF86D94F4A71FDFBFA602762975FA3C73D264B4575F7C78F
                                                                                                                                                                                                    SHA-512:8124B25DECFA64A65433FF2CE1F0F7BDF304ABE2997568ABC35264A705F07152AA993B543DA37C4132B4B1B606743C825C90A0EB17B268518D478F5CF0889062
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, B
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11390
                                                                                                                                                                                                    Entropy (8bit):5.012862319190609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:FTh7Pwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39I:FThTxzubEFOEscAW5VKsCfHz8RPxGt
                                                                                                                                                                                                    MD5:17B15D370018ACC01550175882C7DA91
                                                                                                                                                                                                    SHA1:4EDD9E0FC3D30FBDCABCDCAAB3BC0B3157FC881E
                                                                                                                                                                                                    SHA-256:780C565D5AF3EE6F68B887B75C041CDF46A0592F67012F12EEB691283E92630A
                                                                                                                                                                                                    SHA-512:E4EE92D4598385CB2F6F3A4DB91DDABD7E615DC105ED26CDC5B5598D01C526CEA7726FF93F92A308350229F2E5A5DD64CC0C38865DD97666368A330B410D4892
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Boston,
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3518599
                                                                                                                                                                                                    Entropy (8bit):6.0684600487139715
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:LHvoy/NJv+Jsu35gxZ4I0h1w33YhKTAA4KL3g3ChcMni/BuKQopradVJk+P82mGi:kKlU/
                                                                                                                                                                                                    MD5:3F85188418D0899FC161F42CDCC78869
                                                                                                                                                                                                    SHA1:0D6C98CA1755FE1703C4B8019DBEAF3C804244D0
                                                                                                                                                                                                    SHA-256:E78CCE4BBF2F3D73A4F2D0AD81E24660A23CAF5B3AB0F5E1B39FE1AC0C559990
                                                                                                                                                                                                    SHA-512:DCA80459683F80AF17E2743B2F82B8DFA2EA24813D3C77AC04531A325B4D3C261DF19B19E227674198C709017A9B6E70F7D8026E0986814A669C51883EAA5785
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK.........[.R................META-INF/....PK.........[.R .M0...0.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....PK........4W.R....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK........4W.R..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.image/x-xwindo
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):63094732
                                                                                                                                                                                                    Entropy (8bit):6.002137073024513
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:393216:VQbPA0AMQwHIjnIPXrv6gFqv4r5IN3jSuMdFpTBJ1F:VQbPA0Mw0q3Q4r5IN3jSuMdFpTBJ1F
                                                                                                                                                                                                    MD5:4BD3207BADC51879AA221F15DD8CA003
                                                                                                                                                                                                    SHA1:1F931E83E232EFF45C2C5B63058DE42F8C413774
                                                                                                                                                                                                    SHA-256:71AB3100B1BB5116FF4E53235347B47DA50D9A33464104ABD48DB64AFC4B75AD
                                                                                                                                                                                                    SHA-512:9506D0FC41771D06D8A3A0ABA22EE94DFC1F86474C08199E88989E66B660B440506B33C6E754F8B0257A7306457657938D177520463C6F8A23B3747018A3BC31
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:PK.........[.R.\..............META-INF/MANIFEST.MF....Manifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....Name: javax/swing/JRadioButton.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JWindow.class..Java-Bean: True....Name: javax/swing/JRadioButtonMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JMenuBar.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JTable.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JTabbedPane.class..Java-Bean: True....Name: javax/swing/JPanel.class..Java-Bean: Tru
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16432129
                                                                                                                                                                                                    Entropy (8bit):6.581214470305868
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:196608:htEt6KSgAA4DAVQPZbnevjz0V8NtaJTTFmFkoll/o:jlKPAA4DAVQPZbnevjIAkollg
                                                                                                                                                                                                    MD5:A7DDD38DE7A6D515978BD3786DB5F475
                                                                                                                                                                                                    SHA1:AE8B0B7204FC02113DC5B40CB2D6EE7DC7554AB8
                                                                                                                                                                                                    SHA-256:A7138824D761E3F2586F05226630C13FB538D405D095E5167C62B21390546DAA
                                                                                                                                                                                                    SHA-512:46CAE11274E4AEA0AC75B069E4E9325386A3F82FD5AA00EFD3E719AC4054C984F7B35760C99E7DC1B7B4BA09ABCBF13E049C3B37FC51372FDF89FAA2CC70A600
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2488
                                                                                                                                                                                                    Entropy (8bit):4.089749677426746
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:NvY6cQYAcJrrDQPUs4M4eKaZp2bKj4j/DCxqhDlCEof4eS/b:NvY6meUTM4eKaZp2Hj/M8CEO4eQ
                                                                                                                                                                                                    MD5:19E78890D61C0DFC65B291341C08BEBA
                                                                                                                                                                                                    SHA1:EE0288462FC32992A0F9DFAB5AEB3385412F0C4F
                                                                                                                                                                                                    SHA-256:96572F243F31C2EF81A6E627542E596F6A9295CFF3C7AE095C1B595CB1457DED
                                                                                                                                                                                                    SHA-512:C6D8D4EE0EB7EEB14532512FF4310DFF9DD4F31D112716FC67A1052D37EEF18D4BD6EB58301C76167AD35D31E73F5B28993F4DA8C5DE2DBE3836A5EF7E9C8B7E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Algorithm=SHA-256
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java KeyStore
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):161500
                                                                                                                                                                                                    Entropy (8bit):7.640849249254984
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:2FWRR6Upv9N0Wju14H1UbiEJ2vtCU9ly8pqrtV+SLZ:xyUpv9zjb1gJ2F5pqJV+6
                                                                                                                                                                                                    MD5:3C75635BF0BDC4AF0ED6FE0B24FD28DB
                                                                                                                                                                                                    SHA1:29328FC6B4DA24F66E4DC8D6BBAD2D3CCC185F4D
                                                                                                                                                                                                    SHA-256:29DC7D02D3EEBC9B5E9F3CB8783C4ADCE394E45C8EE00BF311DA28955F9DDEF7
                                                                                                                                                                                                    SHA-512:A09D6AA19C2C6201E0B5E6AC491FC7B1ACE17B8C4669202032B9401922A387EB13BDE7778F63B2A85A88DF63589AFF350642467E6FDBACB229D30E367BA8EF36
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2567
                                                                                                                                                                                                    Entropy (8bit):4.45603018852527
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:hjrUah3ontU2H+h/ic1mo8vwwQcNpIjLSkLuodAZdgh1ykt0wSDW:R4fc17wVNwltJKW
                                                                                                                                                                                                    MD5:FB70580FC6A4B1DA1107E311ECD24550
                                                                                                                                                                                                    SHA1:0F5615748A51CDA1D38882866D6D330B52681507
                                                                                                                                                                                                    SHA-256:C22944481DEAB4FD7C2B7668FC9AAEDF28B2424EDD71C1FBD13100FC2A5621E6
                                                                                                                                                                                                    SHA-512:4BA81B7F3A70846244CE486514ADACC6BECFBC702AA6E7EBF1291987EC0DCEBC6A99B126D7AA3809B65472CB4C86562C612AE1A71CB888DB75F1934C9E2D4C64
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.// Standard extensions get all permissions by default..grant codeBase "file:${{java.ext.dirs}}/*" {. permission java.security.AllPermission;.};..// default permissions granted to all domains..grant {. // Allows any thread to stop itself using the java.lang.Thread.stop(). // method that takes no argument.. // Note that this permission is granted by default only to remain. // backwards compatible.. // It is strongly recommended that you either remove this permission. // from this policy file or further restrict it to code sources. // that you specify, because Thread.stop() is potentially unsafe.. // See the API specification of java.lang.Thread.stop() for more. // information.. permission java.lang.RuntimePermission "stopThread";.. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // "standard" properies that can be read by anyone..
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):51160
                                                                                                                                                                                                    Entropy (8bit):4.830086828515538
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:Y8obod6U3O5O9Wgw2+JuN2gQ01pdYRk0z+6qLWHo69QZW93jfGgqcNhXLJyP1zV9:Y2pD2xz+6qLWI1Ze6hczoP1KkJwQ/
                                                                                                                                                                                                    MD5:0BAD2B7D641170EF24F1820892DB1895
                                                                                                                                                                                                    SHA1:3032321DAC0EEDAD0FD39ECBCFDE67CD2136518C
                                                                                                                                                                                                    SHA-256:1D1C9591EBE5C4C679CCEC83DAAA66A223C2C5304801B37602F95A3671701426
                                                                                                                                                                                                    SHA-512:AFBF39C08043EE163A253C3905822BE0368BF836DA495E3BD088D4F47A1C5C7306074D8DEC366BE02A8D1E62D70EC70D89FA85267B8203E5A3257DE95F266108
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# This is the "master security properties file"..#.# An alternate java.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<URL>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#.# To disable the ability to specify an additional properties file from.# the command line, set the key security.overridePropertiesFile.# to false in the master security properties file. It is set to true.# by default...# In this file, various security properties are set for use by.# java.security classes. This is where users can statically register.# Cryptography Package Providers ("providers" fo
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):895
                                                                                                                                                                                                    Entropy (8bit):4.672159987972357
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:zc6sdx7nRycpTbr8OwoJP41a+SR3hcUP8sC84:65pXYfoJQfSVXi
                                                                                                                                                                                                    MD5:AA64EF4751231E23D788E2CF0781FAB8
                                                                                                                                                                                                    SHA1:1D78FE7D2C0432C8E6B367935D75CD9CC5F0BA67
                                                                                                                                                                                                    SHA-256:F34EC2ACE81A667231BC8BE9D952A269B7840182308A53613DD3E950673A284C
                                                                                                                                                                                                    SHA-512:9D138D9FC58FA22F0A3AE3CA6BD9C3C9EF9D8E4837C5AEAE2FD44DA8352D44B2C7506D30ABBB0C156E5F28E1CAC7E22E60697EE91CB56A265C428237C3C4E341
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# This is the Legacy8uJSSE provider security properties file..#.# This property file replaces standard SunJSSE provider with Legacy8uJSSE.# provider to fallback TLSv1.2 protocol functionality..# legacy8ujsse.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<Path to openjsse.security>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#..#.# Legacy8uJSSE security provider in place of SunJSSE provider:.#.security.provider.4=org.openjsse.legacy8ujsse.net.ssl.Legacy8uJSSE.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):861
                                                                                                                                                                                                    Entropy (8bit):4.625004256741321
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:LHPBsZrIXY7nRgvFtwxp3CxSqua6tD/Or8OwbsZbsuCDs87tCUaqF7qJwYUr/sRx:1sdx7nR9/Ulr8OwoJP41a+SR3u4P8sj
                                                                                                                                                                                                    MD5:E31CE3042128DB15A82B3EE52BF8F5B1
                                                                                                                                                                                                    SHA1:521CB789EF0BEE21FB48182CD3B1265DD621F471
                                                                                                                                                                                                    SHA-256:982D1D26E79A9108464E5928E043D8097BDFBA7CBCC6C2E13AD40D1FDCC2DCA0
                                                                                                                                                                                                    SHA-512:76F291EDC30F95DBC22B365DDC85A11581199BACC34BC047861B696953BED26B9FD2098D14F16267622C219B53EEA7794F9CF8F0D16CF3ED22B1B4DA473B380A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# This is the OpenJSSE provider security properties file..#.# This property file replaces standard SunJSSE provider with OpenJSSE.# provider to enable TLSv1.3 protocol functionality..# azul.java.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<Path to openjsse.security>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#..#.# OpenJSSE security provider in place of SunJSSE provider:.#.security.provider.4=org.openjsse.net.ssl.OpenJSSE.
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):622
                                                                                                                                                                                                    Entropy (8bit):5.771794420654349
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5j6MGJj6wqN0W79TBmjD0iHDuEq5DKxQ2yw6x2KHNqQ4iHC89tn:96MGt6b2W9T0JHa1sQ2p6xXNBBHRf
                                                                                                                                                                                                    MD5:A3207BB552DC73C0DAAF8B8F7C08AB7E
                                                                                                                                                                                                    SHA1:47EE39E20059A15A263A841B60D235973FF2FA7E
                                                                                                                                                                                                    SHA-256:BEE92F84EE25E8818EEBEA3AEA0C6A090C9E799BE43640AA76BA64EC1B87E675
                                                                                                                                                                                                    SHA-512:2FA2D9AB88E8B8E6174370D2D311C2047484B186C4D6F63526ADC56BA0B58E2A1FBCAD504A0D1FAFA7A593E9EF310CC314CFEC047996E79BDF2D4603F1E29FC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1042
                                                                                                                                                                                                    Entropy (8bit):6.544805147318857
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:96MGt6bYdTWFpOixvbzLTSFj/5j/rH358EYwOp9xQ2yxUQ//p6:9wtpdTWFJP+p/5j/b3969xHyxT/h6
                                                                                                                                                                                                    MD5:BCF9F9C080079441B1726FEBDD8637D9
                                                                                                                                                                                                    SHA1:3BEF019E9396A82BEE999C97A0290026424FF556
                                                                                                                                                                                                    SHA-256:D139D7395FCBE5A7648FD332DF3465334DB63F2DB41CD6A7CB552A9BEBE18C46
                                                                                                                                                                                                    SHA-512:17733DD22C458BB645DFDAE93FC336C7C92524E05AC05BBC0FE0E98ACEEEB7DDAF7872B9FE651BA0BDDC6329117CC619604BEB2EDCD324DEB7D0FA4DC12E0C42
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):622
                                                                                                                                                                                                    Entropy (8bit):5.771794420654349
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5j6MGJj6wqN0W79TBmjD0iHDuEq5DKxQ2yw6x2KHNqQ4iHC89tn:96MGt6b2W9T0JHa1sQ2p6xXNBBHRf
                                                                                                                                                                                                    MD5:A3207BB552DC73C0DAAF8B8F7C08AB7E
                                                                                                                                                                                                    SHA1:47EE39E20059A15A263A841B60D235973FF2FA7E
                                                                                                                                                                                                    SHA-256:BEE92F84EE25E8818EEBEA3AEA0C6A090C9E799BE43640AA76BA64EC1B87E675
                                                                                                                                                                                                    SHA-512:2FA2D9AB88E8B8E6174370D2D311C2047484B186C4D6F63526ADC56BA0B58E2A1FBCAD504A0D1FAFA7A593E9EF310CC314CFEC047996E79BDF2D4603F1E29FC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:Java archive data (JAR)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):640
                                                                                                                                                                                                    Entropy (8bit):5.880251693934363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:5j6MGJj6wqN0W79TBmjDFPWRtGQNpn7usuxQ2yw6x2Ko85:96MGt6b2W9T0hPWXNnqzQ2p6xb5
                                                                                                                                                                                                    MD5:381979B5F405D8CD5765B1103F3F66BA
                                                                                                                                                                                                    SHA1:EE2FE2FE878069A24083452507B64CDDEA42A018
                                                                                                                                                                                                    SHA-256:C8B47BAB8113A01D0536EF0D338A4DF4C2FC168CEEB6BDCB5316C4D03399E4DC
                                                                                                                                                                                                    SHA-512:A98824D39A70F7012E03A61A5F7CBAB58C6C86A33DE4D0AB6FAF41F9093840BFAEE78341CCD4DB557716021C3ECFA3336205E60F1B9ED57DF5B8E49B04FF2390
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1210
                                                                                                                                                                                                    Entropy (8bit):4.681309933800066
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):107933
                                                                                                                                                                                                    Entropy (8bit):7.13299599118755
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...TZDB....2021a.X..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9577
                                                                                                                                                                                                    Entropy (8bit):5.17061677089257
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:#.# This file describes mapping information between Windows and Java.# time zones..# Format: Each line should include a colon separated fields of Windows.# time zone registry key, time zone mapID, locale (which is most.# likely used in the time zone), and Java time zone ID. Blank lines.# and lines that start with '#' are ignored. Data lines must be sorted.# by mapID (ASCII order)..#.# NOTE.# This table format is not a public interface of any Java.# platforms. No applications should depend on this file in any form..#.# This table has been generated by a program and should not be edited.# manually..#.Romance:-1,64::Europe/Paris:.Romance Standard Time:-1,64::Europe/Paris:.Warsaw:-1,65::Europe/Warsaw:.Central Europe:-1,66::Europe/Prague:.Central Europe Standard Time:-1,66::Europe/Prague:.Prague Bratislava:-1,66::Europe/Prague:.W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:.FLE:-1,67:FI:Europe/Helsinki:.FLE Standard Time:-1,67:FI:Europe/Helsinki:.GFT:-1,6
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1185
                                                                                                                                                                                                    Entropy (8bit):5.084564154972492
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: .. Certain portions of this software are based on source code from OpenJDK.(http://openjdk.java.net/) and licensed under the GNU General Public.License version 2 (GPLv2) with the Classpath Exception (http://.openjdk.java.net/legal/gplv2+ce.html). For a period of three years from.the date of your receipt of this software, Azul will provide upon.request, a complete machine readable copy of the source code for such.portions based on OpenJDK on a medium customarily used for software.interchange for a charge no more than the cost of physically performing.source distribution.... Please email azul_openjdk@azul.com for further information... Include this version code in your email:. zsrc8.54.0.21-jdk8.0.292 ddbdd8cb2baad6bc8ba9ee6bae1f24fec034993135733c9494216548724edf6db7c4e614b25cfd0119eb9031626c14a23e7fb053004e0733e36d3fa07bc7726c80590e135d06f3ed60679dae23afc593fda877e2c14d1f089c29cb457354cd3000427fcb2ef92f98c3530f6db0f00766cb0b39ac7ff78a7241a03c4a76e90e534
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):238
                                                                                                                                                                                                    Entropy (8bit):5.4008250892283876
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:JAVA_VERSION="1.8.0_292".OS_NAME="Windows".OS_VERSION="5.1".OS_ARCH="i586".SOURCE=" .:ddbdd8cb2baa corba:35733c949421 hotspot:19eb9031626c jaxp:7bc7726c8059 jaxws:fda877e2c14d jdk:2ef92f98c353 langtools:41a03c4a76e9 nashorn:358b46c5010a".
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (318), with CRLF, CR, LF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26029
                                                                                                                                                                                                    Entropy (8bit):5.318213924374854
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:88942450 (+ 0) [LogFolderCleaner] Keeping Wrapper-2024-04-20-12-27-10-884.log..88942450 (+ 0) [LogFolderCleaner] Keeping GenericUpdater-2024-04-20-12-29-02-450-pid0.log..88942450 (+ 0) [GenericUpdater] Starting..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_auto_disable_appnap=[true]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_jre_name=[Windows32JRE]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_language=[en]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_match_versions=[true]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_requestelevation=[false]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_shpkhash=[2bd905b4df615122bcc8ddc3b18ca6859d0f3e3e8c5ac37cc074894a13f6b72879b78be752f422b01fb1ac49d870dd149a5...]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_skip_system_jre=[1]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_splash_buffer=[20]..88942450 (+ 0) [JWrapperLaunchProperty] jwdyna_splash_image=[iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1739), with CRLF, LF line terminators
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):24326
                                                                                                                                                                                                    Entropy (8bit):5.497561247007768
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:88888120 (+ 16) [LogFolderCleaner] Keeping Wrapper-2024-04-20-12-27-10-884.log..88888120 (+ 0) [LogFolderCleaner] Keeping Remote Support-Remote Support-2024-04-20-12-28-08-104-pid6224.log..88888120 (+ 0) [LogFolderCleaner] Keeping GenericUpdater-2024-04-20-12-29-02-450-pid0.log..88888120 (+ 0) [JWNative] Loaded C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\jwutils_win32.dll..88888120 (+ 0) [JWrapper] Running as user..88888120 (+ 0) [JWrapper] Process ID: 6224..88888120 (+ 0) [JWrapper] Environment: {USERDOMAIN_ROAMINGPROFILE=user-PC, LOCALAPPDATA=C:\Users\user\AppData\Local, PROCESSOR_LEVEL=6, USERDOMAIN=user-PC, FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer, LOGONSERVER=\\user-PC, SESSIONNAME=Console, ALLUSERSPROFILE=C:\ProgramData, PROCESSOR_ARCHITECTURE=x86, PSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Auto
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (387), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):92557
                                                                                                                                                                                                    Entropy (8bit):5.190018105273244
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:+0 [JREOverride] No JRE name override, will continue to use Windows32JRE..+0 [Extractor] GenericUpdater version is 00102236230..+0 [Extractor] OFFLINE wrapper: App version is 00102236241..+0 [Extractor] Checking for a latest valid GU..+0 [Extractor] No latest GU or JRE version exists, will check tail for online/offline info..+0 [Extractor] Note: No latest JRE version exists..+0 [Extractor] Note: No latest GU version exists..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\logs..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWApps..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig..+0 [Extractor] GU folder is C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00102236230-complete..+0 [Extractor] GU temp is C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45
                                                                                                                                                                                                    Entropy (8bit):0.9111711733157262
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:/lwlt7n:WNn
                                                                                                                                                                                                    MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                                                                    SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                                                                    SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                                                                    SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................J2SE.
                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.999206162352075
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                    File name:SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    File size:28'436'544 bytes
                                                                                                                                                                                                    MD5:f02aaaf0d308cf00b19cd2ee4f389ac5
                                                                                                                                                                                                    SHA1:dd2fa4b5d4b10a33551ba682b5e9d1dddbe127c5
                                                                                                                                                                                                    SHA256:cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38
                                                                                                                                                                                                    SHA512:f974bca69fa1b01014c35d8889c08e6fa771cab03c12723414e99a4a7bbc392710e81a506ff36f114ca4154663bee0002f346dca3a9c40dc061ed2ea8a4a1e09
                                                                                                                                                                                                    SSDEEP:393216:3x5vAtM900k3ClwrwsWE3RaKGYeq9cwFE0dMPx+vGMeO36we3FwQJwN2GEE3WyxB:bDAwDE7elaEtyG7O36we3F+N2x+pGaR
                                                                                                                                                                                                    TLSH:F8573328A6A6DF7DDF231BFD904E44EA9A6F9DE313C5007227F059C686147D0840EEAD
                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...Mt..Mt..Mt......Mt......Mt.(.p..Mt......Lt..5...Mt.yB)..Mt..Mu.sMt......Mt......Mt......Mt.Rich.Mt.........PE..L.....?d...
                                                                                                                                                                                                    Icon Hash:32fcf0b0b4b0fcb4
                                                                                                                                                                                                    Entrypoint:0x41ebe0
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                    DLL Characteristics:
                                                                                                                                                                                                    Time Stamp:0x643FD606 [Wed Apr 19 11:52:38 2023 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:a0722f4d4407b49f848f72fd4df721d0
                                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                                    Signature Issuer:CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                    Error Number:0
                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                    • 25/02/2021 01:00:00 26/02/2024 00:59:59
                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                    • CN=SimpleHelp Ltd, O=SimpleHelp Ltd, STREET=Galavale, L=Broughton, S=Scottish Borders, PostalCode=ML12 6HQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=SC331902
                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                    Thumbprint MD5:0A2FD4D1CDC852678A40CBCCFD4B7FBD
                                                                                                                                                                                                    Thumbprint SHA-1:F23372E12D37178544ACD7448F469CCAF71AD244
                                                                                                                                                                                                    Thumbprint SHA-256:472B1939ED7DF19BAD95512E63CA44AAC4D95A7109D31F98A042E45C37A5A630
                                                                                                                                                                                                    Serial:00C74F79C78393EBF22858E9AD3914567F
                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    call 00007FD56CDE8D4Bh
                                                                                                                                                                                                    jmp 00007FD56CDDF975h
                                                                                                                                                                                                    mov eax, dword ptr [esp+04h]
                                                                                                                                                                                                    mov dword ptr [0044AFE0h], eax
                                                                                                                                                                                                    mov dword ptr [0044AFE4h], eax
                                                                                                                                                                                                    mov dword ptr [0044AFE8h], eax
                                                                                                                                                                                                    mov dword ptr [0044AFECh], eax
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    mov eax, dword ptr [esp+04h]
                                                                                                                                                                                                    mov ecx, dword ptr [00448DCCh]
                                                                                                                                                                                                    push esi
                                                                                                                                                                                                    cmp dword ptr [eax+04h], edx
                                                                                                                                                                                                    je 00007FD56CDDFB42h
                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                    imul esi, esi, 0Ch
                                                                                                                                                                                                    add esi, dword ptr [esp+08h]
                                                                                                                                                                                                    add eax, 0Ch
                                                                                                                                                                                                    cmp eax, esi
                                                                                                                                                                                                    jc 00007FD56CDDFB1Dh
                                                                                                                                                                                                    imul ecx, ecx, 0Ch
                                                                                                                                                                                                    add ecx, dword ptr [esp+08h]
                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                    cmp eax, ecx
                                                                                                                                                                                                    jnc 00007FD56CDDFB37h
                                                                                                                                                                                                    cmp dword ptr [eax+04h], edx
                                                                                                                                                                                                    je 00007FD56CDDFB34h
                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    push dword ptr [0044AFE8h]
                                                                                                                                                                                                    call 00007FD56CDE2402h
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                    push 00446088h
                                                                                                                                                                                                    call 00007FD56CDE1369h
                                                                                                                                                                                                    xor edi, edi
                                                                                                                                                                                                    mov dword ptr [ebp-1Ch], edi
                                                                                                                                                                                                    mov dword ptr [ebp-28h], edi
                                                                                                                                                                                                    mov ebx, dword ptr [ebp+08h]
                                                                                                                                                                                                    cmp ebx, 0Bh
                                                                                                                                                                                                    jnle 00007FD56CDDFB7Eh
                                                                                                                                                                                                    je 00007FD56CDDFB47h
                                                                                                                                                                                                    mov eax, ebx
                                                                                                                                                                                                    push 00000002h
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                                                    je 00007FD56CDDFB54h
                                                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                                                    je 00007FD56CDDFB3Ah
                                                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                                                    je 00007FD56CDDFB96h
                                                                                                                                                                                                    sub eax, ecx
                                                                                                                                                                                                    jne 00007FD56CDDFB76h
                                                                                                                                                                                                    call 00007FD56CDE2583h
                                                                                                                                                                                                    mov edi, eax
                                                                                                                                                                                                    mov dword ptr [ebp-28h], edi
                                                                                                                                                                                                    test edi, edi
                                                                                                                                                                                                    jne 00007FD56CDDFB46h
                                                                                                                                                                                                    or eax, FFFFFFFFh
                                                                                                                                                                                                    jmp 00007FD56CDDFC96h
                                                                                                                                                                                                    mov esi, 0044AFE0h
                                                                                                                                                                                                    mov eax, dword ptr [0044AFE0h]
                                                                                                                                                                                                    jmp 00007FD56CDDFB92h
                                                                                                                                                                                                    push dword ptr [edi+5Ch]
                                                                                                                                                                                                    mov edx, ebx
                                                                                                                                                                                                    call 00007FD56CDDFA95h
                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                    add esi, 08h
                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                    • [ASM] VS2005 build 50727
                                                                                                                                                                                                    • [C++] VS2005 build 50727
                                                                                                                                                                                                    • [ C ] VS2005 build 50727
                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                    • [RES] VS2005 build 50727
                                                                                                                                                                                                    • [LNK] VS2005 build 50727

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x46714 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5a000 | 0xa282 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1ae72a8 | 0x37598 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x45c00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x38000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x46454 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x36b1d | 0x37000 | 928c804b7410ea9e63ed3caa813c75fc | False | 0.5422096946022728 | data | 6.676929560475119 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x38000 | 0xf6c8 | 0x10000 | 205a447641ccc7debd7dfaf877a24b54 | False | 0.5134124755859375 | data | 6.435275400199736 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x48000 | 0x110b8 | 0x2000 | 3d6aa2868c747816018eef009b0b90ce | False | 0.31005859375 | data | 4.509497843518372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5a000 | 0xa282 | 0xb000 | 26ca4802a9dfd239b1bc60e3f04653b2 | False | 0.5623668323863636 | data | 5.919706892153917 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x5a1f0 | 0x528 | Device independent bitmap graphic, 16 x 32 x 32, image size 1280 | | | 0.48333333333333334 |
| RT_ICON | 0x5a718 | 0xb68 | Device independent bitmap graphic, 24 x 48 x 32, image size 2880 | | | 0.3886986301369863 |
| RT_ICON | 0x5b280 | 0x1428 | Device independent bitmap graphic, 32 x 64 x 32, image size 5120 | | | 0.30271317829457367 |
| RT_ICON | 0x5c6a8 | 0x2d28 | Device independent bitmap graphic, 48 x 96 x 32, image size 11520 | | | 0.2371107266435986 |
| RT_ICON | 0x5f3d0 | 0x4850 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9974070872947277 |
| RT_GROUP_ICON | 0x63c20 | 0x4c | data | | | 0.8026315789473685 |
| RT_VERSION | 0x63c6c | 0x49c | data | | | 0.3016949152542373 |
| RT_MANIFEST | 0x64108 | 0x17a | ASCII text, with CRLF line terminators | English | United States | 0.5052910052910053 |

| DLL | Import |
|---|---|
| WINMM.dll | timeGetTime |
| VERSION.dll | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA |
| COMCTL32.dll | InitCommonControlsEx |
| WININET.dll | HttpSendRequestA, InternetErrorDlg, InternetOpenA, InternetSetOptionA, InternetReadFile, InternetCrackUrlA, InternetConnectA, InternetOpenUrlA, HttpQueryInfoA, InternetCloseHandle, InternetQueryOptionA, HttpOpenRequestA |
| WINHTTP.dll | WinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpOpen, WinHttpGetProxyForUrl |
| KERNEL32.dll | GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, MoveFileExA, FreeLibrary, GetCurrentProcess, Sleep, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetVersion, GetTempPathA, WaitForSingleObject, SetEvent, TerminateThread, CreateEventA, GetLastError, CloseHandle, CreateMutexA, ReleaseMutex, CreateThread, SetEnvironmentVariableA, GlobalFree, DeleteFileA, InitializeCriticalSection, SetStdHandle, EnterCriticalSection, DeleteCriticalSection, GetExitCodeProcess, CreateProcessA, GetCurrentDirectoryA, lstrlenA, FormatMessageA, GetShortPathNameA, SetCurrentDirectoryA, LocalAlloc, GetVersionExA, LocalFree, FreeEnvironmentStringsA, SetFilePointer, HeapSize, ReadFile, RtlUnwind, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, GetOEMCP, GetACP, GetCPInfo, InterlockedDecrement, SetLastError, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, WriteFile, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, CompareStringA, CompareStringW, LeaveCriticalSection, InterlockedExchange, RaiseException, HeapFree, HeapAlloc, FileTimeToSystemTime, FileTimeToLocalFileTime, FindFirstFileA, FindNextFileA, FindClose, MoveFileA, ExitProcess, GetTimeFormatA, GetDateFormatA, GetDriveTypeA, GetFullPathNameA, GetTimeZoneInformation, GetSystemTimeAsFileTime, ExitThread, GetCurrentThreadId, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesA, CreateDirectoryA, RemoveDirectoryA, GetCommandLineA, GetProcessHeap, HeapReAlloc, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc |
| USER32.dll | SetTimer, GetWindowRect, KillTimer, SetWindowPos, GetDesktopWindow, DestroyWindow, GetMessageA, PostThreadMessageA, MonitorFromPoint, LoadIconA, SendMessageA, GetMonitorInfoA, TranslateMessage, SetWindowLongA, GetWindowLongA, CreateWindowExA, PeekMessageA, DefWindowProcA, GetCursorPos, ShowWindow, DispatchMessageA, SystemParametersInfoA, LoadCursorA, ValidateRect, RegisterClassA |
| ADVAPI32.dll | GetUserNameA, GetExplicitEntriesFromAclA, GetNamedSecurityInfoA, EqualSid, ConvertStringSidToSidA, SetNamedSecurityInfoA, SetEntriesInAclA |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 04/20/24-12:27:13.107236 | TCP | 2049863 | ET TROJAN SimpleHelp Remote Access Software Activity | 49709 | 80 | 192.168.2.5 | 208.75.205.129 |
| 04/20/24-12:27:13.237832 | TCP | 2049863 | ET TROJAN SimpleHelp Remote Access Software Activity | 49710 | 80 | 192.168.2.5 | 208.75.205.129 |

                                                                                                                                                                                                    Apr 20, 2024 12:28:14.255523920 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.263041019 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.274754047 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.274836063 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.393265009 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.394370079 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.404433012 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.404618025 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.404694080 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.404894114 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.414316893 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.414819002 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.424925089 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.479350090 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.544897079 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.545000076 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.545682907 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.545712948 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.545880079 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.545959949 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.604938030 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.604938984 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.717197895 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.734549046 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.734576941 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.734678984 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.734934092 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.735029936 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.735157013 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.766011953 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.766012907 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.896060944 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.896307945 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.896389008 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.896469116 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.896648884 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.901062965 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.901122093 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.916619062 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.916714907 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.031232119 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.031680107 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.032241106 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.032335043 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.032495975 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.083323956 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.083565950 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.083633900 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.083683014 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.205904007 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.213809013 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.213844061 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.213876963 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.213910103 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.261070967 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.894293070 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:15.894794941 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.027692080 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.065110922 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.157933950 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.157994032 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.211283922 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.216449976 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.216727972 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.216788054 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.216845989 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.346004963 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.346179008 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:16.396514893 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.350274086 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.395577908 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509434938 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509577036 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509608030 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509645939 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509713888 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509735107 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509774923 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509820938 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.509855032 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.640054941 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.640141010 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.640178919 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.644756079 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.645714998 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.645873070 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.758949041 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.817842007 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.888237953 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.888968945 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:17.938220024 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.642694950 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.698240042 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.886773109 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888469934 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888524055 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888581038 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888622046 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888665915 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888714075 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888751030 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:18.888793945 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:19.018172979 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:19.018224955 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:19.018260002 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.181755066 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.222312927 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.222374916 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.266509056 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.311784029 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.311844110 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:29.359183073 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.224927902 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.225337982 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.225337982 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.225428104 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.355710030 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.355772972 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.399827957 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.660150051 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.660520077 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.833648920 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:30.936501980 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.066109896 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.066174030 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.116935015 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.357580900 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.357937098 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358135939 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358195066 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358247995 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358293056 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358346939 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358536005 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358536005 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.358581066 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.487657070 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.487710953 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.487746954 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.488596916 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.507913113 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:31.508140087 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.160705090 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.161103010 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.337090969 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.490753889 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491051912 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491133928 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491185904 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491241932 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491276979 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491319895 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491358042 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.491410017 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.492567062 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.620855093 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.620889902 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.620919943 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.620953083 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.621210098 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.641473055 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.641690969 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.687869072 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.817780972 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:32.858971119 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.636388063 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.636746883 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.636811972 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.636862993 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.766859055 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.821221113 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.911437988 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:33.911756992 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.085443020 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.226871014 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.356602907 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.356666088 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.401065111 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.768749952 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.807348013 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826227903 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826307058 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826307058 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826363087 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826410055 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826451063 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826489925 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.826529026 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.956135035 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.956193924 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.956231117 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:34.997915983 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:35.412220955 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:35.464783907 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:35.964783907 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.019859076 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.350701094 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.350800991 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.361929893 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362004042 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362056971 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362102032 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362149000 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362194061 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362240076 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.362286091 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.481535912 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.481596947 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.491343975 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:36.502047062 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.515151024 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.562202930 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.735264063 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.735646963 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.735647917 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.735647917 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.866115093 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.866286039 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:47.915383101 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.418046951 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.418493986 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.589411974 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.869836092 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870259047 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870259047 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870259047 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870347977 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870347977 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870372057 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870400906 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870452881 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.870481968 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.891515970 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.999732018 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.999790907 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.999825001 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.999857903 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:48.999891996 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.021033049 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.021276951 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.040327072 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.085788012 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.918492079 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:49.918904066 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.002516031 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.002990961 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.002990961 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.002990961 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.089381933 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.134201050 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.134258986 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.134295940 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.184873104 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.394577026 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.524965048 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:50.568836927 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.136837006 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.137170076 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.137226105 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.137284994 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.267239094 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.267301083 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.287893057 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.288147926 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.418783903 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.421705008 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.593825102 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:51.905730009 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.036226988 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.036286116 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.090991020 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.271943092 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272576094 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272576094 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272672892 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272672892 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272672892 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272701979 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.272758961 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.273016930 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.273017883 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.402558088 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.402617931 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.402673960 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:52.448389053 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.169574976 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.211476088 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.404511929 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.445816994 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.792481899 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.792541027 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.794845104 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.794902086 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.794953108 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.794996977 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.795038939 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.795080900 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.795129061 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.795171022 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.888853073 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.919612885 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.919686079 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.919910908 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.921688080 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.921905994 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.924093008 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.924153090 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.942106009 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:53.942173958 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.049185991 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.109392881 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.670325041 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.670758963 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.800865889 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:28:54.926911116 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:06.457007885 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:06.497317076 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:06.552808046 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.414699078 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.415046930 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.415096045 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.415150881 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.544306040 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.544753075 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.599073887 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.677534103 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.677978039 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:07.850022078 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.120419979 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.259406090 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.259465933 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.304817915 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.546484947 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.547005892 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.547007084 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.547167063 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.676870108 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.676934004 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:08.723378897 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.177046061 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.177472115 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.349050999 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.660074949 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.682356119 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.682704926 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.682914019 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.682914019 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.792448997 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.792515039 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.815963030 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.816028118 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:09.816131115 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.821949959 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.822369099 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.822369099 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.822369099 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.927649975 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.927763939 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.927959919 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.952480078 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:10.952572107 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.003375053 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.101587057 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.162822008 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.292490005 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.293174028 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.340852976 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.955084085 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.955439091 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.955522060 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:11.955554962 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.087461948 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.087523937 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.142040968 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.428492069 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.428986073 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.601418018 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:12.917227983 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.047745943 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.047775984 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.089483023 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.089679956 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.089833021 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.089986086 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090028048 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090073109 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090137959 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090192080 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090246916 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090310097 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.090369940 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.221425056 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.221452951 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.221471071 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.240386963 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.240680933 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.929111958 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:13.931704044 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.105103970 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.223215103 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.223817110 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.223817110 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.223817110 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.353725910 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.353754044 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.353770971 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.405272007 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.450757027 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.582895041 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:14.632601023 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.356774092 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.357172966 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.357286930 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.357359886 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.434788942 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.435283899 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.486871004 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.486928940 CEST8049730208.75.205.129192.168.2.5
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.533057928 CEST4973080192.168.2.5208.75.205.129
                                                                                                                                                                                                    Apr 20, 2024 12:29:15.605246067 CEST8049730208.75.205.129192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 20, 2024 12:27:12.699790001 CEST | 58479 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 12:27:12.968161106 CEST | 53 | 58479 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 12:28:10.522018909 CEST | 64720 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 12:28:10.768821001 CEST | 53 | 64720 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 20, 2024 12:27:12.699790001 CEST | 192.168.2.5 | 1.1.1.1 | 0xa9a2 | Standard query (0) | help.tkfast.com | A (IP address) | IN (0x0001) | false
Apr 20, 2024 12:28:10.522018909 CEST | 192.168.2.5 | 1.1.1.1 | 0x8116 | Standard query (0) | help.tkfast.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 20, 2024 12:27:12.968161106 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9a2 | No error (0) | help.tkfast.com | | 208.75.205.129 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 12:28:10.768821001 CEST | 1.1.1.1 | 192.168.2.5 | 0x8116 | No error (0) | help.tkfast.com | | 208.75.205.129 | A (IP address) | IN (0x0001) | false

• help.tkfast.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49709 | 208.75.205.129 | 80 | 1164 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 12:27:13.107235909 CEST | 155 | OUT | GET /customer/JWrapper-Windows32JRE-version.txt?time=4211847998 HTTP/1.1
User-Agent: JWrapperDownloader
Host: help.tkfast.com
Connection: Keep-Alive
Apr 20, 2024 12:27:13.237643957 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 30 38 34 30 30 30 30 35 33
Data Ascii: 00084000053


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49710 | 208.75.205.129 | 80 | 1164 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 12:27:13.107244968 CEST | 155 | OUT | GET /customer/JWrapper-Windows32JRE-version.txt?time=4211847998 HTTP/1.1
User-Agent: JWrapperDownloader
Host: help.tkfast.com
Connection: Keep-Alive
Apr 20, 2024 12:27:13.237416983 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 30 38 34 30 30 30 30 35 33
Data Ascii: 00084000053
Apr 20, 2024 12:27:13.237832069 CEST | 155 | OUT | GET /customer/JWrapper-Windows32JRE-version.txt?time=4211847998 HTTP/1.1
User-Agent: JWrapperDownloader
Host: help.tkfast.com
Connection: Keep-Alive
Apr 20, 2024 12:27:13.367808104 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 30 38 34 30 30 30 30 35 33
Data Ascii: 00084000053


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49718 | 208.75.205.129 | 80 | 1164 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 12:28:03.654396057 CEST | 312 | OUT | GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1
User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
Host: help.tkfast.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Apr 20, 2024 12:28:03.788738012 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:40:58 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 31 30 32 32 33 36 32 34 31
Data Ascii: 00102236241
Apr 20, 2024 12:28:03.977049112 CEST | 312 | OUT | GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1
User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
Host: help.tkfast.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Apr 20, 2024 12:28:04.110086918 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:40:58 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 31 30 32 32 33 36 32 34 31
Data Ascii: 00102236241


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49719 | 208.75.205.129 | 80 | 1164 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 12:28:04.163194895 CEST | 304 | OUT | GET /customer/JWrapper-JWrapper-version.txt HTTP/1.1
User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
Host: help.tkfast.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Apr 20, 2024 12:28:04.294027090 CEST | 227 | IN | HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 10 Oct 2023 13:40:46 GMT
Cache-Control: private, must-revalidate
Pragma: private
Server: SimpleHelp/SSuite-5-4-20231010-143523
Data Raw: 30 30 31 30 32 32 33 36 32 33 30
Data Ascii: 00102236230


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    4192.168.2.549721208.75.205.129806224C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Apr 20, 2024 12:28:10.929790020 CEST331OUTGET /server_side_parameters HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Apr 20, 2024 12:28:11.060004950 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                    Content-Length: 142
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Data Raw: 23 53 69 6d 70 6c 65 48 65 6c 70 20 50 61 72 61 6d 65 74 65 72 73 0a 23 53 61 74 20 41 70 72 20 32 30 20 31 30 3a 32 38 3a 31 30 20 55 54 43 20 32 30 32 34 0a 64 65 66 61 75 6c 74 5f 70 61 73 73 77 6f 72 64 3d 66 61 6c 73 65 0a 73 65 72 76 65 72 5f 76 65 72 73 69 6f 6e 3d 53 53 75 69 74 65 2d 35 2d 34 2d 32 30 32 33 31 30 31 30 2d 31 34 33 35 32 33 0a 70 61 73 73 77 6f 72 64 5f 72 65 71 75 69 72 65 64 3d 66 61 6c 73 65 0a
Data Ascii:
  #SimpleHelp Parameters
  #Sat Apr 20 10:28:10 UTC 2024
  default_password=false
  server_version=SSuite-5-4-20231010-143523
  password_required=false
Apr 20, 2024 12:28:11.097893953 CEST | 333 | OUT | GET /translations_user/en.txt HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:11.230540991 CEST | 200 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                    Last-Modified: Tue, 10 Oct 2023 13:31:00 GMT
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
Apr 20, 2024 12:28:11.268376112 CEST | 335 | OUT | GET /branding/brandingfiles?a=3 HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:11.398303986 CEST | 285 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                    Content-Length: 129
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Data Raw: 45 58 54 52 41 43 54 7c 61 70 70 6c 65 74 5f 73 70 6c 61 73 68 2e 70 6e 67 7c 37 31 32 39 7c 41 31 39 31 32 32 45 31 38 45 33 33 32 38 43 36 34 37 43 41 30 32 37 31 46 34 38 46 44 41 39 45 0a 45 58 54 52 41 43 54 7c 62 72 61 6e 64 69 6e 67 2e 70 72 6f 70 65 72 74 69 65 73 7c 31 39 37 7c 32 38 33 30 35 37 39 38 33 34 30 44 42 37 34 41 34 41 44 39 43 38 33 46 44 39 35 34 43 43 44 30 0a
Data Ascii:
  EXTRACT|applet_splash.png|7129|A19122E18E3328C647CA0271F48FDA9E
  EXTRACT|branding.properties|197|28305798340DB74A4AD9C83FD954CCD0
Apr 20, 2024 12:28:11.401993990 CEST | 339 | OUT | GET /branding/applet_splash.png?a=3 HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:11.532026052 CEST | 217 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                    Content-Length: 7129
                                                                                                                                                                                                    Last-Modified: Thu, 04 Apr 2024 12:21:25 GMT
                                                                                                                                                                                                    Cache-Control: private, must-revalidate
                                                                                                                                                                                                    Pragma: private
                                                                                                                                                                                                    Server: SimpleHelp/SSuite-5-4-20231010-143523
Apr 20, 2024 12:28:11.680701971 CEST | 341 | OUT | GET /branding/branding.properties?a=3 HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:11.810688019 CEST | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                    Content-Length: 197
                                                                                                                                                                                                    Last-Modified: Thu, 12 Oct 2023 12:01:19 GMT
                                                                                                                                                                                                    Cache-Control: private, must-revalidate
                                                                                                                                                                                                    Pragma: private
                                                                                                                                                                                                    Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                                                                    Data Raw: 23 53 69 6d 70 6c 65 48 65 6c 70 20 42 72 61 6e 64 69 6e 67 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 0a 23 4d 6f 6e 20 4a 75 6e 20 33 30 20 31 34 3a 30 36 3a 31 30 20 43 44 54 20 32 30 31 34 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 4f 53 3d 66 61 6c 73 65 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 54 59 50 45 3d 66 61 6c 73 65 0a 41 50 50 4c 49 43 41 54 49 4f 4e 5f 4e 41 4d 45 3d 54 6b 46 61 73 74 20 49 6e 63 2e 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 3d 5f 54 6b 46 61 73 74 52 65 6d 6f 74 65 53 75 70 70 6f 72 74 5f 0a
Data Ascii:
  #SimpleHelp Branding Configuration
  #Mon Jun 30 14:06:10 CDT 2014
  SUPPORT_EXE_NAME_KEEP_OS=false
  SUPPORT_EXE_NAME_KEEP_TYPE=false
  APPLICATION_NAME=TkFast Inc.
  SUPPORT_EXE_NAME=_TkFastRemoteSupport_
Apr 20, 2024 12:28:13.406907082 CEST | 345 | OUT | GET /simplehelpdisclaimer.txt?language=en HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:13.537174940 CEST | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Content-Type: text/plain;charset=utf-8
                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
Apr 20, 2024 12:28:13.537966967 CEST | 330 | OUT | GET /simplehelpdetails.txt HTTP/1.1
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:13.668037891 CEST | 174 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Content-Type:
                                                                                                                                                                                                    Content-Length: 29
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Data Raw: 3c 44 65 74 61 69 6c 73 4c 69 73 74 3e 0a 3c 2f 44 65 74 61 69 6c 73 4c 69 73 74 3e 0a
Data Ascii:
  <DetailsList>
  </DetailsList>
Apr 20, 2024 12:28:13.917365074 CEST | 280 | OUT | GET /availableports HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                                                                    Host: help.tkfast.com
                                                                                                                                                                                                    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                    Connection: keep-alive
Apr 20, 2024 12:28:14.053256035 CEST | 117 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                    Content-Length: 6
                                                                                                                                                                                                    Keep-Alive: timeout=0
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Data Raw: 38 30 2c 34 34 33
                                                                                                                                                                                                    Data Ascii: 80,443


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49730 | 208.75.205.129 | 80 | 6224 | C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 12:28:14.117300034 CEST | 6 | OUT | Data Raw: 4e 44 4c 4b
                                                                                                                                                                                                    Data Ascii: NDLK
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.117922068 CEST14OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32
                                                                                                                                                                                                    Data Ascii: @312051802
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.120913982 CEST60OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 00 00 00 2a 00 00 00 00 c4 65 36 00 00 00 00 1e 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 05 52 c9 79 00 00 00 05 00 00 01 8e fb 0c a2 f1
                                                                                                                                                                                                    Data Ascii: @312051802*e6@312051802Ry
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.255523920 CEST74INData Raw: 00 00 00 0a 40 33 31 38 37 39 36 32 34 31 00 00 00 38 00 00 00 00 05 52 c9 79 00 00 00 2c 00 00 00 05 00 00 01 8e fb 0c a6 f0 00 26 25 a0 ff ff ff ff 00 03 0d 40 00 00 07 d0 01 e6 f3 38 01 e6 f3 39 01 e6 f3 3a 01 e6 f3 3b
                                                                                                                                                                                                    Data Ascii: @3187962418Ry,&%@89:;
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.263041019 CEST34OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 00 00 00 10 00 00 00 00 05 52 c9 79 00 00 00 04 03 05 3a d1
                                                                                                                                                                                                    Data Ascii: @312051802Ry:
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.274754047 CEST46OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 00 00 00 1c 00 00 00 00 01 e6 f3 39 00 00 00 10 00 00 00 00 00 00 00 00 00 00 01 8e fb 0c a4 20
                                                                                                                                                                                                    Data Ascii: @3120518029
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.274836063 CEST54OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 00 00 00 24 00 00 00 00 01 e6 f3 38 00 00 00 18 00 00 00 00 00 00 00 00 00 00 01 8e fb 0c a4 20 09 11 43 05 3c 07 70 01
                                                                                                                                                                                                    Data Ascii: @312051802$8 C<p
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.393265009 CEST46INData Raw: 00 00 00 0a 40 33 31 38 37 39 36 32 34 31 00 00 00 1c 00 00 00 00 01 e6 f3 39 00 00 00 10 00 00 00 00 00 00 00 00 00 00 01 8e fb 0c a7 7a
                                                                                                                                                                                                    Data Ascii: @3187962419z
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.394370079 CEST40OUTData Raw: 00 00 00 0a 40 33 31 32 30 35 31 38 30 32 00 00 00 16 00 00 00 00 01 e6 f3 3a 00 00 00 0a 57 77 00 00 01 8e fb 0c a7 7a
                                                                                                                                                                                                    Data Ascii: @312051802:Wwz
                                                                                                                                                                                                    Apr 20, 2024 12:28:14.404618025 CEST56INData Raw: 00 00 00 0a 40 33 31 38 37 39 36 32 34 31 00 00 00 26 00 00 00 00 01 e6 f3 3a 00 00 00 1a 44 44 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 08 00 00 01 8e fb 0c a4 20
                                                                                                                                                                                                    Data Ascii: @318796241&:DD



                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:12:27:09
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.29401.13949.1657.exe"
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:28'436'544 bytes
                                                                                                                                                                                                    MD5 hash:F02AAAF0D308CF00B19CD2EE4F389AC5
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                    Start time:12:27:14
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\crs-agent.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:12:27:15
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\charsets.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                    Start time:12:27:16
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\jsse.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                    Start time:12:27:17
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\jaccess.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                    Start time:12:27:18
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunpkcs11.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                    Start time:12:27:20
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:12:27:22
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\access-bridge-32.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                    Start time:12:27:27
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\openjsse.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                    Start time:12:27:30
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\legacy8ujsse.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                    Start time:12:27:34
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\cldrdata.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                    Start time:12:27:39
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\ext\sunmscapi.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                    Start time:12:27:46
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\lib\rt.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                    Start time:12:27:51
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe" "-Xshare:dump"
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:151'632 bytes
                                                                                                                                                                                                    MD5 hash:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                    Start time:12:27:53
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\unpack200.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608830-0-app\customer-jar-with-dependencies.jar"
                                                                                                                                                                                                    Imagebase:0x20000
                                                                                                                                                                                                    File size:160'384 bytes
                                                                                                                                                                                                    MD5 hash:14A39388617FC5B75646EC85FC9FF9FD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                    Start time:12:28:04
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713608944217-1"
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:151'632 bytes
                                                                                                                                                                                                    MD5 hash:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                    • Detection: 0%, Virustotal
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                    Start time:12:28:10
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713608892-0-app\bin\windowslauncher.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\windowslauncher.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49722 127.0.0.1 49723 restricted
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:151'632 bytes
                                                                                                                                                                                                    MD5 hash:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                    Start time:12:28:11
                                                                                                                                                                                                    Start date:20/04/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows32JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49726 127.0.0.1 49727 restricted_backup
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:151'632 bytes
                                                                                                                                                                                                    MD5 hash:D56527919A78D6AC6CEF8A9CB3D0B922
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                    Has exited:false


                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:5.6%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:10.2%
                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                      Total number of Limit Nodes:133
406ee3 EnterCriticalSection 41247->41416 41425 406b62 111 API calls 2 library calls 41247->41425 41249->41201 41250->41040 41251->41043 41252->41047 41253->41055 41254->41058 41255->41063 41256->41064 41257->41068 41258->41040 41259->41076 41260->41080 41262->41093 41263->41095 41264->41097 41265->41099 41266->41101 41267->41103 41268->41107 41271 42313f 41269->41271 41272 421a2d 41271->41272 41273 42315f Sleep 41271->41273 41288 41c676 41271->41288 41272->41104 41275 42150f TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress 41272->41275 41274 423174 41273->41274 41274->41271 41274->41272 41275->41111 41306 420484 41276->41306 41278 421622 GetModuleHandleA 41279 421644 GetProcAddress GetProcAddress 41278->41279 41280 421668 InterlockedIncrement 41278->41280 41279->41280 41281 41f954 __lock 63 API calls 41280->41281 41282 42168f 41281->41282 41307 4226b3 InterlockedIncrement 41282->41307 41284 4216ae 41319 4216c1 41284->41319 41286 4216bb ___lock_fhandle 41286->41114 41289 41c682 ___lock_fhandle 41288->41289 41290 41c69a 41289->41290 41300 41c6b9 _memset 41289->41300 41301 419249 67 API calls __getptd_noexit 41290->41301 41292 41c69f 41302 42147f 4 API calls 2 library calls 41292->41302 41294 41c72b RtlAllocateHeap 41294->41300 41295 41f954 __lock 66 API calls 41295->41300 41296 41c6af ___lock_fhandle 41296->41271 41300->41294 41300->41295 41300->41296 41303 4201a1 5 API calls 2 library calls 41300->41303 41304 41c772 LeaveCriticalSection _doexit 41300->41304 41305 420859 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 41300->41305 41301->41292 41303->41300 41304->41300 41305->41300 41306->41278 41308 4226d1 41307->41308 41309 4226ce InterlockedIncrement 41307->41309 41310 4226db InterlockedIncrement 41308->41310 41311 4226de 41308->41311 41309->41308 41310->41311 41312 4226eb 41311->41312 41313 4226e8 InterlockedIncrement 41311->41313 41314 4226f5 InterlockedIncrement 41312->41314 41316 4226f8 41312->41316 41313->41312 41314->41316 
41315 42270d InterlockedIncrement 41315->41316 41316->41315 41317 422726 InterlockedIncrement 41316->41317 41318 42271d InterlockedIncrement 41316->41318 41317->41284 41318->41316 41322 41f87c LeaveCriticalSection 41319->41322 41321 4216c8 41321->41286 41322->41321 41323->41117 41324->41127 41325->41131 41326->41150 41327->41149 41330 427a92 41328->41330 41332 427aff 41330->41332 41336 42b9a0 77 API calls x_ismbbtype_l 41330->41336 41331 427bfd 41331->41165 41331->41166 41332->41331 41333 42b9a0 77 API calls _parse_cmdline 41332->41333 41333->41332 41334->41160 41335->41168 41336->41330 41337->41175 41338->41179 41339->41184 41341 418e27 _malloc 67 API calls 41340->41341 41342 4069ff _memset 41341->41342 41343 40a137 111 API calls 41342->41343 41344 406a1b WinHttpGetIEProxyConfigForCurrentUser 41343->41344 41345 406a45 41344->41345 41346 406a2b 41344->41346 41439 4068a4 41345->41439 41347 40a137 111 API calls 41346->41347 41349 406a35 41347->41349 41350 406a58 41349->41350 41351 406a3b 41349->41351 41354 406a6d 41350->41354 41355 406a5d 41350->41355 41353 40a137 111 API calls 41351->41353 41352 406a50 41352->41192 41353->41345 41354->41352 41357 40a137 111 API calls 41354->41357 41356 40a137 111 API calls 41355->41356 41356->41345 41358 406a7c 41357->41358 41472 40862f 82 API calls 3 library calls 41358->41472 41360 406a85 41473 40862f 82 API calls 3 library calls 41360->41473 41548 40107c 41362->41548 41365 40a020 41568 401167 41365->41568 41366 40a02c CreateDirectoryA 41370 41e711 41366->41370 41371 41e709 GetLastError 41366->41371 41372 41e722 41370->41372 41578 41926f 67 API calls 2 library calls 41370->41578 41371->41370 41372->41201 41374 41e71d 41374->41201 41638 41a260 41375->41638 41377 41a333 41377->41208 41379 418ed4 41378->41379 41390 418e35 41378->41390 42034 420859 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 41379->42034 41381 418eda 42035 419249 67 API calls __getptd_noexit 41381->42035 41384 418ee0 41384->41215 41387 
418e98 RtlAllocateHeap 41387->41390 41388 418e4a 41388->41390 42027 420816 67 API calls __NMSG_WRITE 41388->42027 42028 420676 67 API calls 7 library calls 41388->42028 42029 419c36 GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 41388->42029 41390->41387 41390->41388 41391 418ecb 41390->41391 41392 418ebf 41390->41392 41395 418ebd 41390->41395 42030 418dd8 67 API calls 4 library calls 41390->42030 42031 420859 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 41390->42031 41391->41215 42032 419249 67 API calls __getptd_noexit 41392->42032 42033 419249 67 API calls __getptd_noexit 41395->42033 41397->41221 41398->41233 41400 406a95 70 API calls 41399->41400 41401 408489 41400->41401 42036 41c794 41401->42036 41405 41c794 _calloc 67 API calls 41404->41405 41406 406aa5 41405->41406 41407 41c794 _calloc 67 API calls 41406->41407 41408 406abe CreateEventA CreateEventA InitializeCriticalSection 41407->41408 41408->41242 41410 418e27 _malloc 67 API calls 41409->41410 41411 408591 41410->41411 41412 406a95 70 API calls 41411->41412 41413 4085a1 41412->41413 41414 41c794 _calloc 67 API calls 41413->41414 41415 4085ac CreateThread CreateThread 41414->41415 41415->41247 42245 408247 41415->42245 42252 40827c 41415->42252 41417 406cb8 112 API calls 41416->41417 41418 406eff 41417->41418 41419 406f1d SetEvent LeaveCriticalSection 41418->41419 41420 418eea _printf 105 API calls 41418->41420 41421 406f36 41419->41421 41424 406f43 41419->41424 41422 406f1a 41420->41422 41423 418eea _printf 105 API calls 41421->41423 41422->41419 41423->41424 41424->41247 41425->41247 41426->41217 41428 406a95 70 API calls 41427->41428 41429 4083e5 41428->41429 41430 40a137 111 API calls 41429->41430 41431 4083f5 41430->41431 41432 41c794 _calloc 67 API calls 41431->41432 41433 408401 41432->41433 41434 41c794 _calloc 67 API calls 41433->41434 41435 408411 41434->41435 41436 41a324 156 API calls 41435->41436 41437 408423 CreateThread CreateThread 
WaitForSingleObject WaitForSingleObject 41436->41437 41438 407369 41437->41438 42551 4082b0 41437->42551 42565 40820d 41437->42565 41438->41202 41438->41223 41438->41224 41474 4085ef 41439->41474 41441 4068b6 _memset 41442 40a137 111 API calls 41441->41442 41443 4068e8 WinHttpOpen 41442->41443 41444 406906 41443->41444 41445 4069de 41443->41445 41449 40a137 111 API calls 41444->41449 41451 406922 41444->41451 41446 418d4a ___convertcp 67 API calls 41445->41446 41448 4069e6 41446->41448 41447 40a137 111 API calls 41450 406941 WinHttpGetProxyForUrl 41447->41450 41448->41352 41449->41451 41452 4069a8 GetLastError 41450->41452 41453 40695b 41450->41453 41451->41447 41454 40a137 111 API calls 41452->41454 41455 40a137 111 API calls 41453->41455 41456 406975 41454->41456 41457 406965 41455->41457 41460 4069c6 GlobalFree 41456->41460 41461 4069cb 41456->41461 41458 406977 41457->41458 41459 40696b 41457->41459 41463 40a137 111 API calls 41458->41463 41462 40a137 111 API calls 41459->41462 41460->41461 41464 4069d0 GlobalFree 41461->41464 41465 4069d5 WinHttpCloseHandle 41461->41465 41462->41456 41466 406985 41463->41466 41464->41465 41465->41445 41467 40a137 111 API calls 41466->41467 41468 40698e 41467->41468 41481 40862f 82 API calls 3 library calls 41468->41481 41470 406996 41482 40862f 82 API calls 3 library calls 41470->41482 41472->41360 41473->41352 41475 4085f7 41474->41475 41476 4085fb _strlen 41474->41476 41475->41441 41477 418e27 _malloc 67 API calls 41476->41477 41478 40860c _strlen 41477->41478 41483 41c4ab 41478->41483 41480 408627 41480->41441 41481->41470 41482->41456 41486 41c3b5 41483->41486 41487 41c3c9 41486->41487 41488 41c3f3 41487->41488 41489 41c3ce 41487->41489 41506 4198e5 41488->41506 41504 419249 67 API calls __getptd_noexit 41489->41504 41492 41c3da 41505 42147f 4 API calls 2 library calls 41492->41505 41496 41c424 41497 41c448 41496->41497 41498 41c42c 41496->41498 41500 41c3e9 41497->41500 41516 419249 67 API calls __getptd_noexit 
41497->41516 41515 419249 67 API calls __getptd_noexit 41498->41515 41500->41480 41502 41c460 41517 42147f 4 API calls 2 library calls 41502->41517 41504->41492 41507 4198f4 41506->41507 41510 419941 41506->41510 41518 42174d 41507->41518 41509 4198f9 41511 419921 41509->41511 41523 422803 75 API calls 5 library calls 41509->41523 41514 41c22d 81 API calls 5 library calls 41510->41514 41511->41510 41524 4220f2 69 API calls 6 library calls 41511->41524 41514->41496 41515->41500 41516->41502 41525 4216ca GetLastError 41518->41525 41520 421753 41521 421760 41520->41521 41541 419bec 67 API calls 3 library calls 41520->41541 41521->41509 41523->41511 41524->41510 41542 421596 TlsGetValue 41525->41542 41528 4216ed 41529 421741 SetLastError 41528->41529 41530 42313b __calloc_crt 63 API calls 41528->41530 41529->41520 41531 4216ff 41530->41531 41531->41529 41532 421707 41531->41532 41547 42150f TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress 41532->41547 41534 421719 41535 421720 41534->41535 41536 421738 41534->41536 41537 421616 __initptd 63 API calls 41535->41537 41538 418d4a ___convertcp 63 API calls 41536->41538 41539 421728 GetCurrentThreadId 41537->41539 41540 42173e 41538->41540 41539->41529 41540->41529 41541->41521 41543 4215a6 41542->41543 41544 4215bf TlsGetValue 41542->41544 41545 42150f __decode_pointer TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress 41543->41545 41544->41528 41546 4215b1 TlsSetValue 41545->41546 41546->41544 41547->41534 41549 401155 41548->41549 41550 40108f 41548->41550 41611 419249 67 API calls __getptd_noexit 41549->41611 41550->41549 41553 401098 __mbschr_l _strlen 41550->41553 41552 40111f 41552->41365 41552->41366 41554 418e27 _malloc 67 API calls 41553->41554 41558 4010cf _strlen 41554->41558 41555 40113f 41556 418d4a ___convertcp 67 API calls 41555->41556 41557 401145 41556->41557 41610 419249 67 API calls __getptd_noexit 41557->41610 41558->41555 41559 418e27 _malloc 67 API calls 41558->41559 41561 4010e8 
41559->41561 41561->41555 41562 4010f4 _strcat 41561->41562 41579 4192f3 41562->41579 41565 418d4a ___convertcp 67 API calls 41566 401133 41565->41566 41567 418d4a ___convertcp 67 API calls 41566->41567 41567->41552 41569 40116f 41568->41569 41577 401190 41568->41577 41574 40117c 41569->41574 41631 419552 FindClose 41569->41631 41572 418d4a ___convertcp 67 API calls 41575 40118a 41572->41575 41573 40119c 41573->41201 41574->41572 41576 418d4a ___convertcp 67 API calls 41575->41576 41576->41577 41577->41573 41636 419249 67 API calls __getptd_noexit 41577->41636 41578->41374 41580 419334 41579->41580 41581 419314 41579->41581 41580->41581 41582 419338 FindFirstFileA 41580->41582 41612 419249 67 API calls __getptd_noexit 41581->41612 41585 419393 41582->41585 41586 41934e GetLastError 41582->41586 41584 419319 41613 42147f 4 API calls 2 library calls 41584->41613 41617 41928d 125 API calls ___loctotime64_t 41585->41617 41589 41935b 41586->41589 41590 41936a 41586->41590 41593 41938a 41589->41593 41597 419365 41589->41597 41598 41937d 41589->41598 41614 419249 67 API calls __getptd_noexit 41590->41614 41591 419329 41622 418d3b 41591->41622 41592 4193b6 41618 41928d 125 API calls ___loctotime64_t 41592->41618 41616 419249 67 API calls __getptd_noexit 41593->41616 41597->41590 41597->41593 41615 419249 67 API calls __getptd_noexit 41598->41615 41600 4193c8 41619 41928d 125 API calls ___loctotime64_t 41600->41619 41602 401115 41602->41552 41602->41565 41604 4193da 41620 421d01 67 API calls 2 library calls 41604->41620 41606 4193fe 41606->41591 41607 419405 41606->41607 41621 421383 10 API calls 3 library calls 41607->41621 41609 41940f 41609->41591 41610->41552 41611->41552 41612->41584 41614->41591 41615->41591 41616->41591 41617->41592 41618->41600 41619->41604 41620->41606 41621->41609 41623 418d43 41622->41623 41624 418d45 IsDebuggerPresent 41622->41624 41623->41602 41630 42832a 41624->41630 41627 41f6f0 SetUnhandledExceptionFilter UnhandledExceptionFilter 41628 
41f715 GetCurrentProcess TerminateProcess 41627->41628 41629 41f70d __invoke_watson 41627->41629 41628->41602 41629->41628 41630->41627 41632 419560 41631->41632 41633 41956f 41631->41633 41637 419249 67 API calls __getptd_noexit 41632->41637 41633->41574 41635 419565 41635->41574 41636->41573 41637->41635 41641 41a26c ___lock_fhandle 41638->41641 41639 41a27f 41698 419249 67 API calls __getptd_noexit 41639->41698 41641->41639 41643 41a2b4 41641->41643 41642 41a284 41699 42147f 4 API calls 2 library calls 41642->41699 41657 4242d6 41643->41657 41646 41a2b9 41647 41a2c0 41646->41647 41648 41a2cd 41646->41648 41700 419249 67 API calls __getptd_noexit 41647->41700 41650 41a2f4 41648->41650 41651 41a2d4 41648->41651 41676 424034 41650->41676 41701 419249 67 API calls __getptd_noexit 41651->41701 41654 41a294 ___lock_fhandle @_EH4_CallFilterFunc@8 41654->41377 41658 4242e2 ___lock_fhandle 41657->41658 41659 41f954 __lock 67 API calls 41658->41659 41668 4242f0 41659->41668 41660 424361 41708 4230fb 67 API calls _malloc 41660->41708 41663 4243e8 ___lock_fhandle 41663->41646 41664 42436b 41669 42435d 41664->41669 41709 423036 67 API calls 5 library calls 41664->41709 41665 41f891 __mtinitlocknum 67 API calls 41665->41668 41668->41660 41668->41665 41668->41669 41706 41c8d9 68 API calls __lock 41668->41706 41707 41c92b LeaveCriticalSection LeaveCriticalSection _doexit 41668->41707 41703 4243f3 41669->41703 41670 424390 41672 42439b 41670->41672 41673 4243ae EnterCriticalSection 41670->41673 41674 418d4a ___convertcp 67 API calls 41672->41674 41673->41669 41675 4243a3 41674->41675 41675->41669 41677 424054 41676->41677 41678 424068 41677->41678 41688 424087 41677->41688 41714 419249 67 API calls __getptd_noexit 41678->41714 41680 42406d 41715 42147f 4 API calls 2 library calls 41680->41715 41682 424275 41720 419249 67 API calls __getptd_noexit 41682->41720 41683 42428f 41711 42a03e 41683->41711 41686 42427a 41721 42147f 4 API calls 2 library calls 41686->41721 41688->41682 
41697 424225 41688->41697 41716 42a3f2 77 API calls __mbsnbcmp_l 41688->41716 41691 42420a 41691->41682 41717 42a276 102 API calls __mbsicmp_l 41691->41717 41693 42421f 41693->41697 41718 42a276 102 API calls __mbsicmp_l 41693->41718 41695 42423c 41695->41697 41719 42a276 102 API calls __mbsicmp_l 41695->41719 41697->41682 41697->41683 41698->41642 41700->41654 41701->41654 41702 41a31a LeaveCriticalSection LeaveCriticalSection _fprintf 41702->41654 41710 41f87c LeaveCriticalSection 41703->41710 41705 4243fa 41705->41663 41706->41668 41707->41668 41708->41664 41709->41670 41710->41705 41722 429f72 41711->41722 41713 41a2ff 41713->41702 41714->41680 41716->41691 41717->41693 41718->41695 41719->41697 41720->41686 41724 429f7e ___lock_fhandle 41722->41724 41723 429f91 41815 419249 67 API calls __getptd_noexit 41723->41815 41724->41723 41726 429fcf 41724->41726 41733 429934 41726->41733 41727 429f96 41816 42147f 4 API calls 2 library calls 41727->41816 41732 429fa5 ___lock_fhandle 41732->41713 41734 42995d 41733->41734 41818 429647 41734->41818 41737 42998b 41825 419c95 41737->41825 41738 42997e 41851 421383 10 API calls 3 library calls 41738->41851 41741 429988 41741->41737 41743 429999 41852 421383 10 API calls 3 library calls 41743->41852 41745 4299a3 41750 4299a6 41745->41750 41746 4299d9 41853 41925c 67 API calls __getptd_noexit 41746->41853 41748 4299de 41854 419249 67 API calls __getptd_noexit 41748->41854 41750->41746 41753 429a89 41750->41753 41751 4299e8 41855 42147f 4 API calls 2 library calls 41751->41855 41832 4293ec 41753->41832 41755 429b2f 41756 429b36 41755->41756 41757 429b4d CreateFileA 41755->41757 41856 41925c 67 API calls __getptd_noexit 41756->41856 41759 429b75 41757->41759 41760 429ba9 GetFileType 41757->41760 41762 429b90 GetLastError 41759->41762 41763 429bb4 CloseHandle 41760->41763 41766 429bd8 41760->41766 41761 429b3b 41857 419249 67 API calls __getptd_noexit 41761->41857 41858 41926f 67 API calls 2 library calls 41762->41858 
41763->41762 41860 4291bb 68 API calls 2 library calls 41766->41860 41769 4299f7 41817 42a010 LeaveCriticalSection __unlock_fhandle 41769->41817 41770 429bf4 41770->41769 41776 429c6a 41770->41776 41861 4276b4 41770->41861 41772 429c5b 41773 429c65 41772->41773 41774 429c7e 41772->41774 41872 41925c 67 API calls __getptd_noexit 41773->41872 41888 424755 41774->41888 41776->41769 41779 429e1d 41776->41779 41786 429d66 41776->41786 41811 429c72 41776->41811 41779->41769 41788 429e3a 41779->41788 41795 429d8a 41779->41795 41780 429caf 41783 4276b4 __locking 69 API calls 41780->41783 41781 429de4 41784 424755 __read_nolock 77 API calls 41781->41784 41782 429c9b 41956 42bce8 105 API calls 6 library calls 41782->41956 41783->41776 41796 429df1 41784->41796 41786->41769 41786->41781 41792 429dba 41786->41792 41786->41795 41959 428d70 69 API calls 3 library calls 41788->41959 41789 429b45 41859 419249 67 API calls __getptd_noexit 41789->41859 41790 429ca8 41790->41780 41790->41811 41957 428d70 69 API calls 3 library calls 41792->41957 41793 429e45 41793->41795 41799 429e50 41793->41799 41795->41769 41795->41811 41962 423bf6 101 API calls 6 library calls 41795->41962 41796->41769 41797 429eb8 41796->41797 41800 429e95 41796->41800 41801 429e7c 41796->41801 41796->41811 41806 4276b4 __locking 69 API calls 41797->41806 41960 428d70 69 API calls 3 library calls 41799->41960 41800->41797 41803 429e9c 41800->41803 41802 4234cf __close_nolock 70 API calls 41801->41802 41807 429e83 41802->41807 41808 4276b4 __locking 69 API calls 41803->41808 41804 429dc5 41804->41795 41809 429dcc 41804->41809 41806->41811 41961 419249 67 API calls __getptd_noexit 41807->41961 41808->41811 41958 428d70 69 API calls 3 library calls 41809->41958 41810 429e5a 41810->41811 41811->41769 41873 4234cf 41811->41873 41814 429dd6 41814->41781 41814->41811 41815->41727 41817->41732 41819 429652 41818->41819 41820 42966f 41818->41820 41963 419249 67 API calls __getptd_noexit 41819->41963 41820->41737 
41820->41738 41822 429657 41964 42147f 4 API calls 2 library calls 41822->41964 41826 419ca0 41825->41826 41828 419cc6 41826->41828 41965 419249 67 API calls __getptd_noexit 41826->41965 41828->41743 41828->41750 41829 419ca5 41966 42147f 4 API calls 2 library calls 41829->41966 41833 4293f8 ___lock_fhandle 41832->41833 41834 41f891 __mtinitlocknum 67 API calls 41833->41834 41835 429408 41834->41835 41836 41f954 __lock 67 API calls 41835->41836 41837 42940d ___lock_fhandle 41835->41837 41846 42941c 41836->41846 41837->41755 41838 429564 41981 429582 LeaveCriticalSection _doexit 41838->41981 41839 4294fa 41841 42313b __calloc_crt 67 API calls 41839->41841 41844 429503 41841->41844 41842 42949d EnterCriticalSection 41845 4294ad LeaveCriticalSection 41842->41845 41842->41846 41843 41f954 __lock 67 API calls 41843->41846 41844->41838 41969 42932a 41844->41969 41845->41846 41846->41838 41846->41839 41846->41842 41846->41843 41850 429472 41846->41850 41968 4294bf LeaveCriticalSection _doexit 41846->41968 41850->41846 41967 423036 67 API calls 5 library calls 41850->41967 41851->41741 41852->41745 41853->41748 41854->41751 41856->41761 41857->41789 41858->41789 41859->41769 41860->41770 41984 4292b9 41861->41984 41863 4276bf 41864 4276d5 SetFilePointer 41863->41864 41865 4276c5 41863->41865 41867 4276f6 41864->41867 41868 4276ee GetLastError 41864->41868 41998 419249 67 API calls __getptd_noexit 41865->41998 41870 427702 41867->41870 41999 41926f 67 API calls 2 library calls 41867->41999 41868->41867 41869 4276ca 41869->41772 41870->41772 41872->41776 41874 4292b9 __commit 67 API calls 41873->41874 41876 4234db 41874->41876 41875 42352e 42005 429238 68 API calls 2 library calls 41875->42005 41876->41875 41878 42350c 41876->41878 41881 4292b9 __commit 67 API calls 41876->41881 41878->41875 41879 4292b9 __commit 67 API calls 41878->41879 41882 423518 FindCloseChangeNotification 41879->41882 41880 423536 41883 423558 41880->41883 42006 41926f 67 API calls 2 library calls 
41880->42006 41884 423503 41881->41884 41882->41875 41885 423524 GetLastError 41882->41885 41883->41789 41887 4292b9 __commit 67 API calls 41884->41887 41885->41875 41887->41878 41889 42478a 41888->41889 41890 42476f 41888->41890 41892 424799 41889->41892 41895 4247c0 41889->41895 42007 41925c 67 API calls __getptd_noexit 41890->42007 42009 41925c 67 API calls __getptd_noexit 41892->42009 41894 424774 42008 419249 67 API calls __getptd_noexit 41894->42008 41897 4247df 41895->41897 41905 4247f6 41895->41905 41896 42479e 42010 419249 67 API calls __getptd_noexit 41896->42010 42012 41925c 67 API calls __getptd_noexit 41897->42012 41901 4247a5 42011 42147f 4 API calls 2 library calls 41901->42011 41902 4247e4 42013 419249 67 API calls __getptd_noexit 41902->42013 41906 42492b 41905->41906 41907 424829 41905->41907 41908 42477c 41905->41908 41912 42494c 41905->41912 42014 41925c 67 API calls __getptd_noexit 41906->42014 41907->41906 41911 424838 ReadFile 41907->41911 41908->41780 41908->41782 41910 4247eb 42016 42147f 4 API calls 2 library calls 41910->42016 41920 4248e2 41911->41920 41921 424cba GetLastError 41911->41921 42017 4230fb 67 API calls _malloc 41912->42017 41913 424930 42015 419249 67 API calls __getptd_noexit 41913->42015 41919 424965 41919->41911 41922 424971 41919->41922 41920->41921 41925 4248f6 41920->41925 41923 424cc7 41921->41923 41924 424b4f 41921->41924 42018 419249 67 API calls __getptd_noexit 41922->42018 42025 419249 67 API calls __getptd_noexit 41923->42025 41939 424ad4 41924->41939 42023 41926f 67 API calls 2 library calls 41924->42023 41936 424912 41925->41936 41925->41939 41942 424b84 41925->41942 41929 424976 42019 41925c 67 API calls __getptd_noexit 41929->42019 41930 424ccc 42026 41925c 67 API calls __getptd_noexit 41930->42026 41933 418d4a ___convertcp 67 API calls 41933->41908 41934 424981 41934->41908 41935 4249e4 ReadFile 41938 424a02 GetLastError 41935->41938 41948 424a0c 41935->41948 41936->41935 41946 424a61 41936->41946 41937 
424bff ReadFile 41940 424c1e GetLastError 41937->41940 41949 424c28 41937->41949 41938->41936 41938->41948 41939->41908 41939->41933 41940->41942 41940->41949 41941 424b25 MultiByteToWideChar 41941->41939 41943 424b49 GetLastError 41941->41943 41942->41937 41942->41939 41943->41924 41944 424acf 42021 419249 67 API calls __getptd_noexit 41944->42021 41945 424adc 41951 424b13 41945->41951 41952 424a99 41945->41952 41946->41939 41946->41944 41946->41945 41946->41952 41948->41936 42020 428d70 69 API calls 3 library calls 41948->42020 41949->41942 42024 428d70 69 API calls 3 library calls 41949->42024 42022 428d70 69 API calls 3 library calls 41951->42022 41952->41941 41955 424b22 41955->41941 41956->41790 41957->41804 41958->41814 41959->41793 41960->41810 41961->41769 41962->41795 41963->41822 41965->41829 41967->41850 41968->41846 41970 429336 ___lock_fhandle 41969->41970 41971 429391 41970->41971 41973 41f954 __lock 67 API calls 41970->41973 41972 429396 EnterCriticalSection 41971->41972 41974 4293b3 ___lock_fhandle 41971->41974 41972->41974 41975 429362 41973->41975 41974->41838 41976 429385 41975->41976 41977 42936b 41975->41977 41983 4293c1 LeaveCriticalSection _doexit 41976->41983 41982 423036 67 API calls 5 library calls 41977->41982 41980 429379 41980->41976 41981->41837 41982->41980 41983->41971 41985 4292c2 41984->41985 41986 4292d9 41984->41986 42000 41925c 67 API calls __getptd_noexit 41985->42000 41991 429326 41986->41991 42002 41925c 67 API calls __getptd_noexit 41986->42002 41988 4292c7 42001 419249 67 API calls __getptd_noexit 41988->42001 41991->41863 41992 429307 42003 419249 67 API calls __getptd_noexit 41992->42003 41993 4292cf 41993->41863 41995 42930e 42004 42147f 4 API calls 2 library calls 41995->42004 41998->41869 41999->41870 42000->41988 42001->41993 42002->41992 42003->41995 42005->41880 42006->41883 42007->41894 42008->41908 42009->41896 42010->41901 42012->41902 42013->41910 42014->41913 42015->41910 42017->41919 42018->41929 42019->41934 
42020->41948 42021->41939 42022->41955 42023->41939 42024->41949 42025->41930 42026->41939 42027->41388 42028->41388 42030->41390 42031->41390 42032->41395 42033->41391 42034->41381 42035->41384 42037 41c676 __calloc_impl 67 API calls 42036->42037 42038 41c7ac 42037->42038 42039 408494 CreateThread 42038->42039 42043 419249 67 API calls __getptd_noexit 42038->42043 42039->41240 42045 408336 42039->42045 42041 41c7c2 42041->42039 42044 419249 67 API calls __getptd_noexit 42041->42044 42043->42041 42044->42039 42046 40a137 111 API calls 42045->42046 42047 40834c 42046->42047 42048 41c794 _calloc 67 API calls 42047->42048 42057 408362 __flsbuf 42048->42057 42049 4083b1 42059 41bcb1 42049->42059 42052 4083b7 42053 40a137 111 API calls 42052->42053 42054 4083c3 42053->42054 42055 41a1c4 107 API calls 42055->42057 42057->42049 42057->42055 42072 41a797 42057->42072 42075 406b62 111 API calls 2 library calls 42057->42075 42076 41c94e 42057->42076 42060 41bcbd ___lock_fhandle 42059->42060 42061 41bcd1 42060->42061 42062 41bcee 42060->42062 42099 419249 67 API calls __getptd_noexit 42061->42099 42065 41c8aa _fputc 68 API calls 42062->42065 42069 41bce6 ___lock_fhandle 42062->42069 42064 41bcd6 42100 42147f 4 API calls 2 library calls 42064->42100 42067 41bd06 42065->42067 42083 41bc3e 42067->42083 42069->42052 42154 41a6d0 42072->42154 42074 41a7ae 42074->42057 42075->42057 42077 41c975 42076->42077 42078 41c959 42076->42078 42077->42057 42243 419249 67 API calls __getptd_noexit 42078->42243 42080 41c95e 42244 42147f 4 API calls 2 library calls 42080->42244 42084 41bc6b 42083->42084 42085 41bc4e 42083->42085 42097 41bc63 42084->42097 42102 41a046 42084->42102 42142 419249 67 API calls __getptd_noexit 42085->42142 42087 41bc53 42143 42147f 4 API calls 2 library calls 42087->42143 42096 41bc8b 42096->42097 42098 418d4a ___convertcp 67 API calls 42096->42098 42101 41bd25 LeaveCriticalSection LeaveCriticalSection _fprintf 42097->42101 42098->42097 42099->42064 42101->42069 
42103 41a05b 42102->42103 42104 41a07c 42102->42104 42103->42104 42105 423cd2 _fputc 67 API calls 42103->42105 42108 425dc7 42104->42108 42106 41a075 42105->42106 42144 423bf6 101 API calls 6 library calls 42106->42144 42109 425dd3 42108->42109 42110 41bc7f 42108->42110 42109->42110 42111 418d4a ___convertcp 67 API calls 42109->42111 42112 423cd2 42110->42112 42111->42110 42113 41bc85 42112->42113 42114 423cdd 42112->42114 42119 423563 42113->42119 42145 419249 67 API calls __getptd_noexit 42114->42145 42116 423ce2 42146 42147f 4 API calls 2 library calls 42116->42146 42120 42356f ___lock_fhandle 42119->42120 42121 423592 42120->42121 42122 423577 42120->42122 42124 4235a0 42121->42124 42128 4235e1 42121->42128 42147 41925c 67 API calls __getptd_noexit 42122->42147 42149 41925c 67 API calls __getptd_noexit 42124->42149 42126 42357c 42148 419249 67 API calls __getptd_noexit 42126->42148 42127 4235a5 42150 419249 67 API calls __getptd_noexit 42127->42150 42131 42932a ___lock_fhandle 68 API calls 42128->42131 42133 4235e7 42131->42133 42132 4235ac 42151 42147f 4 API calls 2 library calls 42132->42151 42135 423602 42133->42135 42136 4235f4 42133->42136 42152 419249 67 API calls __getptd_noexit 42135->42152 42138 4234cf __close_nolock 70 API calls 42136->42138 42137 423584 ___lock_fhandle 42137->42096 42140 4235fc 42138->42140 42142->42087 42144->42104 42145->42116 42147->42126 42148->42137 42149->42127 42150->42132 42152->42140 42155 41a6dc _memset ___lock_fhandle 42154->42155 42156 41a6fb 42155->42156 42159 41a75a 42155->42159 42163 41a710 ___lock_fhandle 42155->42163 42180 419249 67 API calls __getptd_noexit 42156->42180 42158 41a700 42181 42147f 4 API calls 2 library calls 42158->42181 42160 41c8aa _fputc 68 API calls 42159->42160 42162 41a762 42160->42162 42167 41a53a 42162->42167 42163->42074 42168 41a55a 42167->42168 42179 41a656 42167->42179 42170 423cd2 _fputc 67 API calls 42168->42170 42172 41a65b _memset 42168->42172 42174 41a691 _memset 42168->42174 

Control-flow Graph

• Executed
• Not Executed

[Figure: control-flow graph, first block 401ef7-401fcc]
APIs
  • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
  • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
  • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
  • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
  • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
• _malloc.LIBCMT ref: 00401F6C
  • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
  • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
  • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
• _malloc.LIBCMT ref: 00401F80
  • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
• _malloc.LIBCMT ref: 00402175
• _malloc.LIBCMT ref: 00402208
• _sprintf.LIBCMT ref: 0040221E
• _malloc.LIBCMT ref: 00402243
• _sprintf.LIBCMT ref: 00402259
• _malloc.LIBCMT ref: 00402294
• _malloc.LIBCMT ref: 004022C2
• _malloc.LIBCMT ref: 00402322
• Sleep.KERNEL32(000001F4), ref: 00402459
• _memset.LIBCMT ref: 00402488
• _sprintf.LIBCMT ref: 004024BC
• _memset.LIBCMT ref: 00402515
• _sprintf.LIBCMT ref: 0040252F
  • Part of subcall function 00419AED: __output_l.LIBCMT ref: 00419B40
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00402538
                                                                                                                                                                                                      • _strncpy.LIBCMT ref: 00402559
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040214C
                                                                                                                                                                                                        • Part of subcall function 0040A1E8: timeGetTime.WINMM(00440074,update_url,00000000), ref: 0040A206
                                                                                                                                                                                                        • Part of subcall function 0040A1E8: _fprintf.LIBCMT ref: 0040A248
                                                                                                                                                                                                        • Part of subcall function 0040A1E8: _vfprintf.LIBCMT ref: 0040A25A
                                                                                                                                                                                                        • Part of subcall function 0040A1E8: _printf.LIBCMT ref: 0040A277
                                                                                                                                                                                                        • Part of subcall function 0040A1E8: timeGetTime.WINMM ref: 0040A2AB
                                                                                                                                                                                                        • Part of subcall function 00419E68: _doexit.LIBCMT ref: 00419E70
                                                                                                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 00402676
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040268A
                                                                                                                                                                                                      • GetTempPathA.KERNEL32(00000104,00000000), ref: 00402698
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 00402702
                                                                                                                                                                                                        • Part of subcall function 00401E1B: _malloc.LIBCMT ref: 00401E26
                                                                                                                                                                                                        • Part of subcall function 00401E1B: _malloc.LIBCMT ref: 00401E4F
                                                                                                                                                                                                        • Part of subcall function 00401E1B: _strlen.LIBCMT ref: 00401E94
                                                                                                                                                                                                        • Part of subcall function 004073C4: _malloc.LIBCMT ref: 004073D8
                                                                                                                                                                                                        • Part of subcall function 004073C4: _memset.LIBCMT ref: 004073E4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] JRE LSO file exists, xrefs: 0040246E
                                                                                                                                                                                                      • jvm_options_%d, xrefs: 00402529
                                                                                                                                                                                                      • [Extractor] [Launch] Class: %s, xrefs: 004029B4
                                                                                                                                                                                                      • [Extractor] Read JRE compatibility class %s, xrefs: 00402792
                                                                                                                                                                                                      • [Extractor] [Launch] Executable: %s, xrefs: 004029A4
                                                                                                                                                                                                      • Unable to open launch file %s, xrefs: 00401FD5
                                                                                                                                                                                                      • [Extractor] JRE folder is %s, xrefs: 00402A7B
                                                                                                                                                                                                      • [Extractor] JRE LSO file is %s, xrefs: 004021B4
                                                                                                                                                                                                      • [Retry] Attempting to write to %s, xrefs: 0040269F
                                                                                                                                                                                                      • [Extractor] Building classpath, xrefs: 00402276
                                                                                                                                                                                                      • ***************************, xrefs: 00402BA1, 00402BA6, 00402BB8, 00402C5B, 00402C60, 00402C72
                                                                                                                                                                                                      • jre_name, xrefs: 004023A8
                                                                                                                                                                                                      • [Extractor] jvmArgCount:%d emptyArgs:%d so addToJVM:%d, xrefs: 00402804
                                                                                                                                                                                                      • No private JRE available!, xrefs: 004021BB
                                                                                                                                                                                                      • [Extractor] Return code for JNI launch was %d, xrefs: 00402ADE
                                                                                                                                                                                                      • [Extractor] Copying FILE %s, xrefs: 00402105
                                                                                                                                                                                                      • [Extractor] Skipping option %s, xrefs: 0040284F
                                                                                                                                                                                                      • [Extractor] *************************** Unable to open source file for copy %s, xrefs: 0040212A
                                                                                                                                                                                                      • [Extractor] Writing to file, xrefs: 004026E9
                                                                                                                                                                                                      • [Extractor] [Launch] App Argument %d: %s, xrefs: 00402A23
                                                                                                                                                                                                      • javaw.exe, xrefs: 004020C8
                                                                                                                                                                                                      • [Extractor] Attempting spawn launch, xrefs: 00402B07
                                                                                                                                                                                                      • [Extractor] Writing launch properties file, xrefs: 004025BE
                                                                                                                                                                                                      • JWApps, xrefs: 00402181
                                                                                                                                                                                                      • [Extractor] Writing launch properties to %s (length: %d), xrefs: 004025F5
                                                                                                                                                                                                      • [Extractor] LSO file does exist. Retrying (%d)..., xrefs: 0040242B
                                                                                                                                                                                                      • [Extractor] JNI launch failed. Attempting legacy spawn instead, xrefs: 00402AFC
                                                                                                                                                                                                      • Not a private JRE (no need to check for LSO file), xrefs: 004025B3
                                                                                                                                                                                                      • JWrapperLaunch, xrefs: 00401F99
                                                                                                                                                                                                      • [ERROR] Attempt to launch app failed with return code %ld! (app likely did not launch at all), xrefs: 00402BAE, 00402C68
                                                                                                                                                                                                      • [Extractor] Reading %s, xrefs: 004023E5
                                                                                                                                                                                                      • [Extractor] Launch Prop: %s = %s..., xrefs: 00402570
                                                                                                                                                                                                      • [Extractor] Using private JRE %s, xrefs: 00402071
                                                                                                                                                                                                      • [Extractor] [Launch] ClassPath %d: %s, xrefs: 004029F9
                                                                                                                                                                                                      • [Extractor] Reading %ld extra args, xrefs: 00402746
                                                                                                                                                                                                      • windowslauncher.exe, xrefs: 004020A0
                                                                                                                                                                                                      • Launching, xrefs: 00401F34
                                                                                                                                                                                                      • launched_from_dynprops, xrefs: 004023BA
                                                                                                                                                                                                      • [Extractor] Launching '%s' from master folder '%s' of class %d using JRE '%s', xrefs: 00401F59
                                                                                                                                                                                                      • [Extractor] Additional JRE option count is %d, xrefs: 0040280F
                                                                                                                                                                                                      • [Extractor] Checking for existing system JRE %s, xrefs: 004021F0
                                                                                                                                                                                                      • [Extractor] Found %ld JVM Options, xrefs: 0040249F
                                                                                                                                                                                                      • [Extractor] Creating launch properties, xrefs: 00402305
                                                                                                                                                                                                      • [Extractor] Checking LSO file, xrefs: 004023C4
                                                                                                                                                                                                      • sun.awt.fontconfig=, xrefs: 0040290B
                                                                                                                                                                                                      • bin, xrefs: 0040207B
                                                                                                                                                                                                      • [Extractor] Force spawn is %d so attempting to launch via JNI, xrefs: 00402A92
                                                                                                                                                                                                      • -Xms%dm%c, xrefs: 00402253
                                                                                                                                                                                                      • JNI Launch, xrefs: 00402A9C, 00402AA1, 00402AE8
                                                                                                                                                                                                      • %ld, xrefs: 004024B6
                                                                                                                                                                                                      • -Xmx%dm%c, xrefs: 00402218
                                                                                                                                                                                                      • app_dir, xrefs: 00402394
                                                                                                                                                                                                      • update_url, xrefs: 00402351, 00402356, 00402385
                                                                                                                                                                                                      • [Extractor] Launch Prop: %s = %s, xrefs: 0040254B
                                                                                                                                                                                                      • [Extractor] Ignoring platform-specific option %s, xrefs: 004028BE
                                                                                                                                                                                                      • jvm_options_count, xrefs: 004024CB
                                                                                                                                                                                                      • [Extractor] Added option %s, xrefs: 00402839
                                                                                                                                                                                                      • [Extractor] This is a newer extractor... launchclass is %d, xrefs: 00402A3C
                                                                                                                                                                                                      • [Extractor] [Launch] JVM Argument %d: %s, xrefs: 004029D3
                                                                                                                                                                                                      • [Extractor] Ignoring invalid option %s, xrefs: 0040291E
                                                                                                                                                                                                      • Unable to write Launch Properties file! Cannot run!, xrefs: 004026D7
                                                                                                                                                                                                      • [Retry] Writing launch properties to %s, xrefs: 00402647
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$Time_sprintftime$_memset_strlen$Sleep_fprintf_printf_vfprintf$AllocateHeapPathTemp__fsopen__output_l_doexit_fwrite_strncpy
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetOpenA.WININET(JWrapperDownloader,?,00000000,00000000,00000000), ref: 00405857
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004058A4
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(?,00000000,00000000,?), ref: 004058D3
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040590C
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00405921
                                                                                                                                                                                                      • _strncpy.LIBCMT ref: 00405944
                                                                                                                                                                                                      • _strncpy.LIBCMT ref: 00405967
                                                                                                                                                                                                      • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004059DE
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] [%s] No proxy settings detected., xrefs: 00405E4A
                                                                                                                                                                                                      • YYWh, xrefs: 00405A58
                                                                                                                                                                                                      • GET, xrefs: 00405A36
                                                                                                                                                                                                      • [HttpDownloader] [%s] Thread returning as another has worked, xrefs: 00405F3B
                                                                                                                                                                                                      • InternetConnect, xrefs: 004059EE
                                                                                                                                                                                                      • HTTP/1.1, xrefs: 00405A2A
                                                                                                                                                                                                      • [HttpDownloader] [%s] Opened file. Set downloadWorked to TRUE (%d), xrefs: 00405DFA
                                                                                                                                                                                                      • [HttpDownloader] [%s] Proxy thread returning as another has connected to the proxy, xrefs: 00405CAF
                                                                                                                                                                                                      • InternetOpen, xrefs: 00405877
                                                                                                                                                                                                      • [HttpDownloader] [%s] Download is now active., xrefs: 00405DD4
                                                                                                                                                                                                      • [HttpDownloader] [%s] Attempting to crack URL, xrefs: 0040588E
                                                                                                                                                                                                      • Direct, xrefs: 004057D5
                                                                                                                                                                                                      • [HttpDownloader] [%s] [Special Case] No existing proxy settings found., xrefs: 00405E74
                                                                                                                                                                                                      • [HttpDownloader] [%s] Copying proxy settings., xrefs: 00405E1C
                                                                                                                                                                                                      • HttpDownloader, xrefs: 0040587C, 004059F3, 00405A4E, 00405AFF, 00405B2F
                                                                                                                                                                                                      • CrackURL, xrefs: 00405A49
                                                                                                                                                                                                      • [HttpDownloader] nPort = %d, xrefs: 00405997
                                                                                                                                                                                                      • [HttpDownloader] [%s] Unable initialise HTTP connection, xrefs: 0040586D
                                                                                                                                                                                                      • InternetSetOption, xrefs: 00405AFA
                                                                                                                                                                                                      • [HttpDownloader] [%s] Skipping for debug purposes., xrefs: 004057FD
                                                                                                                                                                                                      • YB, xrefs: 00405ED9
                                                                                                                                                                                                      • [HttpDownloader] [%s] [1] Starting download..., xrefs: 00405820
                                                                                                                                                                                                      • [HttpDownloader] Hostname = %s, xrefs: 00405985
                                                                                                                                                                                                      • [HttpDownloader] [%s] Could not get proxy credentials., xrefs: 00405CF3
                                                                                                                                                                                                      • [HttpDownloader] [%s] Status code is %d, xrefs: 00405BBF
                                                                                                                                                                                                      • [HttpDownloader] [%s] Using override proxy settings., xrefs: 00405E30
                                                                                                                                                                                                      • Proxy Non Auto, xrefs: 00405E54
                                                                                                                                                                                                      • [HttpDownloader] [%s] [3] Starting download..., xrefs: 00405A8B
                                                                                                                                                                                                      • [HttpDownloader] Unable to set internet option correctly, xrefs: 00405B09
                                                                                                                                                                                                      • [HttpDownloader] [%s] Connection setup, querying length, xrefs: 00405C58
                                                                                                                                                                                                      • [HttpDownloader] [%s] Required file size is unknown!, xrefs: 00405D08
                                                                                                                                                                                                      • [HttpDownloader] [%s] Starting to write data to file..., xrefs: 00405EA8
                                                                                                                                                                                                      • [HttpDownloader] [%s] Warning: download complete but required length is still %d., xrefs: 00405F06
                                                                                                                                                                                                      • [HttpDownloader] [%s] Read 0 bytes so finishing., xrefs: 00405ED4
                                                                                                                                                                                                      • HttpSendRequest, xrefs: 00405B2A
                                                                                                                                                                                                      • [HttpDownloader] lpszUrlPath = %s, xrefs: 004059A8
                                                                                                                                                                                                      • [HttpDownloader] [%s] InternetErrorDlg return code is %d, xrefs: 00405BF4
                                                                                                                                                                                                      • [HttpDownloader] [%s] Closing buffer... (download took %lf), xrefs: 00405FA5
                                                                                                                                                                                                      • HttpOpenRequest/InternetOpenUrl, xrefs: 00405A7B
                                                                                                                                                                                                      • JWrapperDownloader, xrefs: 00405852
                                                                                                                                                                                                      • [HttpDownloader] [%s] [4] Starting download..., xrefs: 00405B6F
                                                                                                                                                                                                      • InternetReadFile, xrefs: 00405F66
                                                                                                                                                                                                      • [HttpDownloader] [%s] Crack result is %d, xrefs: 004058E6
                                                                                                                                                                                                      • [HttpDownloader] secure = %d, xrefs: 004059B8
                                                                                                                                                                                                      • [HttpDownloader] [%s] Required file size is %d, xrefs: 00405C94
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet_memset$Time_strncpytime$ConnectCrackOpen_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: CrackURL$Direct$GET$HTTP/1.1$HttpDownloader$HttpOpenRequest/InternetOpenUrl$HttpSendRequest$InternetConnect$InternetOpen$InternetReadFile$InternetSetOption$JWrapperDownloader$Proxy Non Auto$YYWh$[HttpDownloader] Hostname = %s$[HttpDownloader] Unable to set internet option correctly$[HttpDownloader] [%s] Attempting to crack URL$[HttpDownloader] [%s] Closing buffer... (download took %lf)$[HttpDownloader] [%s] Connection setup, querying length$[HttpDownloader] [%s] Copying proxy settings.$[HttpDownloader] [%s] Could not get proxy credentials.$[HttpDownloader] [%s] Crack result is %d$[HttpDownloader] [%s] Download is now active.$[HttpDownloader] [%s] InternetErrorDlg return code is %d$[HttpDownloader] [%s] No proxy settings detected.$[HttpDownloader] [%s] Opened file. Set downloadWorked to TRUE (%d)$[HttpDownloader] [%s] Proxy thread returning as another has connected to the proxy$[HttpDownloader] [%s] Read 0 bytes so finishing.$[HttpDownloader] [%s] Required file size is %d$[HttpDownloader] [%s] Required file size is unknown!$[HttpDownloader] [%s] Skipping for debug purposes.$[HttpDownloader] [%s] Starting to write data to file...$[HttpDownloader] [%s] Status code is %d$[HttpDownloader] [%s] Thread returning as another has worked$[HttpDownloader] [%s] Unable initialise HTTP connection$[HttpDownloader] [%s] Using override proxy settings.$[HttpDownloader] [%s] Warning: download complete but required length is still %d.$[HttpDownloader] [%s] [1] Starting download...$[HttpDownloader] [%s] [3] Starting download...$[HttpDownloader] [%s] [4] Starting download...$[HttpDownloader] [%s] [Special Case] No existing proxy settings found.$[HttpDownloader] lpszUrlPath = %s$[HttpDownloader] nPort = %d$[HttpDownloader] secure = %d$YB
                                                                                                                                                                                                      • API String ID: 1235536807-1850721727
                                                                                                                                                                                                      • Opcode ID: d7f52628472e0e7031cae4918f4f2b87651767aa33a3b8e7cfff085101bdf453
                                                                                                                                                                                                      • Instruction ID: 676bbbe4d49a9f7760777792a0ee52fa27303b07b11f1c2cb603efddabdd2104
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7f52628472e0e7031cae4918f4f2b87651767aa33a3b8e7cfff085101bdf453
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F812BF72800614AADF21AF518C0A99ABBB9FF44B00FA4C0FBF588751D1DE794A91CF59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,?,?,?,00405A58,HttpDownloader,CrackURL), ref: 004092F6
                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409312
                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409321
                                                                                                                                                                                                      • lstrlenA.KERNEL32(XZ@,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409328
                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000028,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409331
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409359
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 0040935C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$FreeTimelstrlentime$AllocErrorFormatLastMessage_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: XZ@$[%s] %s failed with error %d: %s
                                                                                                                                                                                                      • API String ID: 3521841142-4000595906
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004035F5
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403602
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040360F
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040361C
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403629
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403636
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403643
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403650
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040365D
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040366A
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403677
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403684
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403698
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004036A5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004036B2
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0040145F), ref: 0040189D
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetProcAddress.KERNEL32(00000000), ref: 004018A4
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetCurrentProcess.KERNEL32(00000000,?,?,?,0040145F), ref: 004018B4
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 004036DF
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004037F3
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403823
                                                                                                                                                                                                        • Part of subcall function 0041B6D3: __lock.LIBCMT ref: 0041B6E1
                                                                                                                                                                                                        • Part of subcall function 0041B6D3: __getdcwd_nolock.LIBCMT ref: 0041B6F3
                                                                                                                                                                                                        • Part of subcall function 0040A031: _strlen.LIBCMT ref: 0040A042
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040386D
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040388F
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004038B0
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004038EA
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004038FA
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403993
                                                                                                                                                                                                      • _strncpy.LIBCMT ref: 004039A7
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403B2E
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403B5B
                                                                                                                                                                                                      • _strncpy.LIBCMT ref: 00403B75
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403B9D
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403D71
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403D97
                                                                                                                                                                                                        • Part of subcall function 00402C91: _strlen.LIBCMT ref: 00402C9F
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403FA5
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00403FB9
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403FC6
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00403FD6
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404025
                                                                                                                                                                                                      • _printf.LIBCMT ref: 0040404D
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004040C7
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004041C3
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004041EC
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404252
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404287
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404316
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404330
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004043C3
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004044E0
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004045E6
                                                                                                                                                                                                      • ConvertStringSidToSidA.ADVAPI32(S-1-5-32-545,?), ref: 0040471F
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404806
                                                                                                                                                                                                        • Part of subcall function 00406AF3: EnterCriticalSection.KERNEL32(?,?,00405FBA,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406AF8
                                                                                                                                                                                                        • Part of subcall function 00406AF3: _printf.LIBCMT ref: 00406B15
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B2D
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B32
                                                                                                                                                                                                        • Part of subcall function 00406AF3: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B35
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040498E
                                                                                                                                                                                                        • Part of subcall function 00401EF7: _malloc.LIBCMT ref: 00401F6C
                                                                                                                                                                                                        • Part of subcall function 00401EF7: _malloc.LIBCMT ref: 00401F80
                                                                                                                                                                                                        • Part of subcall function 004015D5: _malloc.LIBCMT ref: 004015DC
                                                                                                                                                                                                        • Part of subcall function 00401580: _malloc.LIBCMT ref: 00401587
                                                                                                                                                                                                        • Part of subcall function 004073C4: _malloc.LIBCMT ref: 004073D8
                                                                                                                                                                                                        • Part of subcall function 004073C4: _memset.LIBCMT ref: 004073E4
                                                                                                                                                                                                        • Part of subcall function 0040744C: _memset.LIBCMT ref: 00407505
                                                                                                                                                                                                        • Part of subcall function 0040744C: _memset.LIBCMT ref: 00407517
                                                                                                                                                                                                        • Part of subcall function 0040744C: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 0040753C
                                                                                                                                                                                                        • Part of subcall function 0040744C: GetLastError.KERNEL32 ref: 00407546
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                        • Part of subcall function 004018C8: _malloc.LIBCMT ref: 004018D3
                                                                                                                                                                                                        • Part of subcall function 004018C8: Sleep.KERNEL32(00000032,?,?,?,?,?,00001388,004048A2,[Extractor] Renaming GU folder to %s,?), ref: 00401943
                                                                                                                                                                                                        • Part of subcall function 004018C8: MoveFileExA.KERNEL32(?,?,00000003(MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED)), ref: 00401954
                                                                                                                                                                                                        • Part of subcall function 004018C8: Sleep.KERNEL32(0000012C,?,?,?,?,?,00001388,004048A2,[Extractor] Renaming GU folder to %s,?), ref: 00401974
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404AD7
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404B4E
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404BC5
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404E78
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00404F58
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00404FDA
                                                                                                                                                                                                        • Part of subcall function 00406829: DeleteFileA.KERNEL32(00000000,?,00000000,00404F98,00000000), ref: 0040683A
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040506C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Native Splash PNG path is %s, xrefs: 00404924
                                                                                                                                                                                                      • {, xrefs: 004037D7
                                                                                                                                                                                                      • [JREDownload] ************************** Unable to open version file! [%d], xrefs: 00404C95
                                                                                                                                                                                                      • [Extractor] GU temp is %s, xrefs: 004047C9
                                                                                                                                                                                                      • Extracting Offline JRE, xrefs: 0040499E, 00404AB0
                                                                                                                                                                                                      • silent_parameter, xrefs: 00403F45
                                                                                                                                                                                                      • [JREOverride] Ignoring empty JRE name, keeping %s, xrefs: 004041FC
                                                                                                                                                                                                      • [Extractor] The executable name is %s, xrefs: 0040385E
                                                                                                                                                                                                      • JWrapper-, xrefs: 004040F3, 00404B97, 00404BDE, 00404D95
                                                                                                                                                                                                      • A, xrefs: 0040373B
                                                                                                                                                                                                      • [Extractor] Latest GU version exists: %s, xrefs: 0040457F
                                                                                                                                                                                                      • rt.jar, xrefs: 0040444A
                                                                                                                                                                                                      • [Extractor] APP folder is %s, xrefs: 00404FF7
                                                                                                                                                                                                      • R, xrefs: 004037BB
                                                                                                                                                                                                      • [Extractor] Offline installer - app to extract., xrefs: 00404FE6
                                                                                                                                                                                                      • [Extractor] Configuring splash, xrefs: 0040492E
                                                                                                                                                                                                      • [JREDownload] Version invalid (too long), xrefs: 00404CFE
                                                                                                                                                                                                      • [Extractor] Recreating GU location, xrefs: 004048BB
                                                                                                                                                                                                      • m, xrefs: 0040372F
                                                                                                                                                                                                      • show_no_ui, xrefs: 00403A60, 00403F84
                                                                                                                                                                                                      • [JREDownload] Failed to detect or download a JRE (no jre version), xrefs: 00404E82
                                                                                                                                                                                                      • [DynProps] Dynamic Param %d: %s=[%s], xrefs: 004039D7
                                                                                                                                                                                                      • [DynProps] Windows APP ID is %s, xrefs: 00403C19
                                                                                                                                                                                                      • jre_name, xrefs: 00403BC9
                                                                                                                                                                                                      • [Extractor] Online installer - no stored JRE, will check for compatible system JRE, xrefs: 00404AEE
                                                                                                                                                                                                      • \, xrefs: 00403743
                                                                                                                                                                                                      • [Extractor] Note: Latest GU version does exist, xrefs: 004046D4
                                                                                                                                                                                                      • [Extractor] Extracting JRE archive..., xrefs: 00404A32
                                                                                                                                                                                                      • [Extractor] ONLINE wrapper: No App embedded, GU will download and run, xrefs: 00404291
                                                                                                                                                                                                      • [Extractor] Renamed JRE folder to %s, xrefs: 00404EDF
                                                                                                                                                                                                      • ERROR - unable to import public key., xrefs: 00404048
                                                                                                                                                                                                      • Q, xrefs: 0040374B
                                                                                                                                                                                                      • [DynProps] Splash Image is %s..., xrefs: 00403B85
                                                                                                                                                                                                      • [Extractor] Unable to create GU Temp folder - assuming elevation required, xrefs: 004047E5
                                                                                                                                                                                                      • [Extractor] Regenerating jsa..., xrefs: 00404A5B
                                                                                                                                                                                                      • ., xrefs: 00403703
                                                                                                                                                                                                      • [JREDownload] Failed to download and extract JRE archive., xrefs: 00404E13
                                                                                                                                                                                                      • [JREDownload] Regenerating jsa..., xrefs: 00404E1D
                                                                                                                                                                                                      • ,, xrefs: 0040379B
                                                                                                                                                                                                      • [Extractor] Note: No latest JRE version exists, xrefs: 004046B2
                                                                                                                                                                                                      • [DynProps] Splash Image is %s, xrefs: 00403B67
                                                                                                                                                                                                      • [JREDownload] Finalising setup of new JRE %s, xrefs: 00404E95
                                                                                                                                                                                                      • JWApps, xrefs: 00404158
                                                                                                                                                                                                      • <, xrefs: 0040375B
                                                                                                                                                                                                      • [Extractor] Public key empty (no public key), xrefs: 00404075
                                                                                                                                                                                                      • [DynProps] JRE name from dynamic launch properties is %s, xrefs: 00403BF5
                                                                                                                                                                                                      • install_type, xrefs: 00403EC4
                                                                                                                                                                                                      • [Extractor] APP temp is %s, xrefs: 00405008
                                                                                                                                                                                                      • force_spawn, xrefs: 00403AEA
                                                                                                                                                                                                      • skip_system_jre, xrefs: 00403F69
                                                                                                                                                                                                      • [Extractor] Shared dir is %s, xrefs: 004040A5
                                                                                                                                                                                                      • [Extractor] Renaming GU folder to %s, xrefs: 0040488D
                                                                                                                                                                                                      • JWrapper, xrefs: 004042B9, 00404770, 00405099
                                                                                                                                                                                                      • [Extractor] Our App version is newer than existing latest version so will extract and run, xrefs: 00404624
                                                                                                                                                                                                      • [Extractor] Found Params marker. Extracting now..., xrefs: 004038D1
                                                                                                                                                                                                      • -Xshare:dump, xrefs: 00404A7F, 00404E48
                                                                                                                                                                                                      • [Extractor] The absolute wrapper path is %s, xrefs: 00403853
                                                                                                                                                                                                      • [DynProps] Dynamic Update URL: %s, xrefs: 00403A0E
                                                                                                                                                                                                      • Damaged, xrefs: 00404338, 00404364, 004044E8, 00404514
                                                                                                                                                                                                      • [Extractor] Renaming App folder to %s, xrefs: 0040508D
                                                                                                                                                                                                      • /, xrefs: 004036FF
                                                                                                                                                                                                      • [Extractor] Update URL is now '%s', xrefs: 004040E3
                                                                                                                                                                                                      • wrapper_autotest, xrefs: 00403A43
                                                                                                                                                                                                      • [JREDownload] JRE version downloaded OK [%s], xrefs: 00404C6C
                                                                                                                                                                                                      • true, xrefs: 00403A36, 00403A76, 00403AA4, 00403AD2, 00403B00, 00403F7F
                                                                                                                                                                                                      • [Extractor] Public Key: %08X, xrefs: 0040405D
                                                                                                                                                                                                      • [Extractor] No latest GU or JRE version exists, will check tail for online/offline info, xrefs: 0040469E
                                                                                                                                                                                                      • Extracting tail, xrefs: 00403E8C
                                                                                                                                                                                                      • [JREDownload] Extracting version: , xrefs: 00404CA1
                                                                                                                                                                                                      • Processing dynamic properties, xrefs: 00403C4F
                                                                                                                                                                                                      • [Extractor] Public key length %d (no public key), xrefs: 0040408D
                                                                                                                                                                                                      • z, xrefs: 004036F7
                                                                                                                                                                                                      • [Extractor] Note: Latest JRE version does exist, xrefs: 004046B9
                                                                                                                                                                                                      • bin, xrefs: 004043CF, 004043FF
                                                                                                                                                                                                      • [Proxy] No working proxy was found, so no proxy to be saved., xrefs: 00404F9A
                                                                                                                                                                                                      • >, xrefs: 004036FB
                                                                                                                                                                                                      • splash_image, xrefs: 00403B44
                                                                                                                                                                                                      • No latest App version even after download!, xrefs: 004050B1
                                                                                                                                                                                                      • [Extractor] Hex: %s, xrefs: 0040400A
                                                                                                                                                                                                      • g, xrefs: 00403797
                                                                                                                                                                                                      • update_url, xrefs: 004039F6, 00403EB2
                                                                                                                                                                                                      • [JREDownload] Extracting JRE archive to %s, xrefs: 00404DFB
                                                                                                                                                                                                      • R, xrefs: 00403777
                                                                                                                                                                                                      • y, xrefs: 004037DB
                                                                                                                                                                                                      • [Extractor] Running without extraction now, xrefs: 00404636
                                                                                                                                                                                                      • [JREDownload] Saving into %s, xrefs: 00404C47
                                                                                                                                                                                                      • Y, xrefs: 0040376B
                                                                                                                                                                                                      • [Extractor] Reinstall is %d, xrefs: 00403E82
                                                                                                                                                                                                      • [Extractor] Setting permissions..., xrefs: 0040504C
                                                                                                                                                                                                      • [Extractor] Silent install is %d, xrefs: 00403E5E
                                                                                                                                                                                                      • [Extractor] Skipping System JRE, xrefs: 00403DA1
                                                                                                                                                                                                      • lib, xrefs: 0040444F
                                                                                                                                                                                                      • +++ Processing %d dynamic properties, xrefs: 00403949
                                                                                                                                                                                                      • [Extractor] UP200 path is %s, xrefs: 00404A23, 00404FC5
                                                                                                                                                                                                      • ?time=, xrefs: 00404BFC
                                                                                                                                                                                                      • [Extractor] Online installer - no app to extract, xrefs: 0040505B
                                                                                                                                                                                                      • wrapper_gu_version, xrefs: 00403F30
                                                                                                                                                                                                      • [Extractor] The existing JWrapper install is broken. Instructing the wrapper to update., xrefs: 0040437E
                                                                                                                                                                                                      • G, xrefs: 0040379F
                                                                                                                                                                                                      • S-1-5-32-545, xrefs: 0040471A
                                                                                                                                                                                                      • [JREDownload] Spaces in version file, assuming EOF, xrefs: 00404D08
                                                                                                                                                                                                      • [Extractor] CACerts override path is %s, xrefs: 004048F1
                                                                                                                                                                                                      • [Proxy] Saving proxy settings now., xrefs: 00404F87
                                                                                                                                                                                                      • Setting up online JRE, xrefs: 00404ABA, 00404EBD
                                                                                                                                                                                                      • ++++++++++++++++++++++++++++++++++++++++++++++++, xrefs: 00403937, 0040393C, 00403953
                                                                                                                                                                                                      • verpatch.exe, xrefs: 00404901
                                                                                                                                                                                                      • [JREDownload] JRE Version is %s, xrefs: 00404D37
                                                                                                                                                                                                      • [DynProps] Decode complete [image size is %d], xrefs: 00403BBC
                                                                                                                                                                                                      • [Extractor] Unable to run (we are just a launcher), xrefs: 004046E8
                                                                                                                                                                                                      • -version.txt, xrefs: 00404BB3, 00404BB8, 00404BF5
                                                                                                                                                                                                      • [Extractor] Will use Static Update URL: %s, xrefs: 00403DD2
                                                                                                                                                                                                      • [Extractor] JRE setup. Overriding cacerts., xrefs: 00404EE9
                                                                                                                                                                                                      • app_name, xrefs: 00403F0C
                                                                                                                                                                                                      • [JREDownload] Downloaded JRE is now ready., xrefs: 00404E62
                                                                                                                                                                                                      • ;, xrefs: 004037DF
                                                                                                                                                                                                      • [Extractor] Existing JRE exists: %s, xrefs: 0040458F
                                                                                                                                                                                                      • [Extractor] Checking for a latest valid GU, xrefs: 004042AF
                                                                                                                                                                                                      • [Extractor] No app version found and we are offline so will extract, xrefs: 00404697
                                                                                                                                                                                                      • E, xrefs: 004037E7
                                                                                                                                                                                                      • [Extractor] Required Java version %s, xrefs: 00403D7C
                                                                                                                                                                                                      • [Extractor] This is an elevated run purely to prepare an installation. Will not show UI or launch an app, xrefs: 00403C60
                                                                                                                                                                                                      • [Extractor] Processed public key of length %d, xrefs: 00403FF4
                                                                                                                                                                                                      • ~, xrefs: 0040373F
                                                                                                                                                                                                      • [Extractor] Repair install is %d, xrefs: 00403E70
                                                                                                                                                                                                      • [Extractor] Extracted GU and GU Version, xrefs: 0040487A
                                                                                                                                                                                                      • [JREDownload] Failed to download JRE version file, xrefs: 00404F1D
                                                                                                                                                                                                      • min_splash_ms, xrefs: 00403ED6
                                                                                                                                                                                                      • [Extractor] GenericUpdater version is %s, xrefs: 00404275
                                                                                                                                                                                                      • [DynProps] Dynamic Param %d: %s=[%s...], xrefs: 004039C3
                                                                                                                                                                                                      • javaw.exe, xrefs: 004043F2
                                                                                                                                                                                                      • [Extractor] Online installer - no stored JRE. Skipping system JRE., xrefs: 00404AE1
                                                                                                                                                                                                      • repair, xrefs: 00403A8E
                                                                                                                                                                                                      • java_version, xrefs: 00403F57
                                                                                                                                                                                                      • [JREDownload] Fetching JRE Version from %s, xrefs: 00404C36
                                                                                                                                                                                                      • 5, xrefs: 0040377F
                                                                                                                                                                                                      • windows_app_id, xrefs: 00403C02
                                                                                                                                                                                                      • splash_buffer, xrefs: 00403B17
                                                                                                                                                                                                      • [Extractor] Update URL is currently '%s', xrefs: 004040BC
                                                                                                                                                                                                      • [JREOverride] No JRE name override, will continue to use %s, xrefs: 00404239
                                                                                                                                                                                                      • -archive.p2.l2, xrefs: 00404DC1
                                                                                                                                                                                                      • can_override_splash, xrefs: 00403EFA
                                                                                                                                                                                                      • *, xrefs: 004037CB
                                                                                                                                                                                                      • reinstall, xrefs: 00403ABC
                                                                                                                                                                                                      • [DynProps] Base64 decoding image..., xrefs: 00403B91
                                                                                                                                                                                                      • [Extractor] Note: No latest GU version exists, xrefs: 004046CD
                                                                                                                                                                                                      • [Extractor] We are copying the JRE. We want to query the JRE version to enable proxy detection., xrefs: 00404B58
                                                                                                                                                                                                      • [Extractor] Using existing JRE of %s, xrefs: 00404F4B
                                                                                                                                                                                                      • [Extractor] Offline installer - no need to download JRE, will extract, xrefs: 00404A04
                                                                                                                                                                                                      • [Extractor] Extracting App..., xrefs: 00405029
                                                                                                                                                                                                      • wrapper_app_version, xrefs: 00403F1E
                                                                                                                                                                                                      • [JREOverride] Ignoring JRE name -, keeping %s, xrefs: 004041DF
                                                                                                                                                                                                      • [Extractor] No GenericUpdater embedded, we are just a launcher, xrefs: 0040425C
                                                                                                                                                                                                      • Unable to create App Temp folder, xrefs: 0040501F
                                                                                                                                                                                                      • [Extractor] Master folder is %s, xrefs: 00404112
                                                                                                                                                                                                      • [Extractor] Saving proxy configuration, xrefs: 00404F71
                                                                                                                                                                                                      • java.exe, xrefs: 004043C8
                                                                                                                                                                                                      • |, xrefs: 0040371F
                                                                                                                                                                                                      • [Extractor] Extracted JRE %s, xrefs: 00404A51
                                                                                                                                                                                                      • [JREOverride] JRE name overriden to %s, xrefs: 0040422C
                                                                                                                                                                                                      • [Extractor] Our GU version is newer than existing latest version so will extract and run, xrefs: 004045C2
                                                                                                                                                                                                      • cacerts, xrefs: 004048DB
                                                                                                                                                                                                      • JreNameOverride, xrefs: 00404169
                                                                                                                                                                                                      • [Extractor] Will now run latest GU %s, xrefs: 004050C1
                                                                                                                                                                                                      • [Extractor] The existing JRE is broken. Instructing the wrapper to update., xrefs: 00404534
                                                                                                                                                                                                      • [JREOverride] Processing JRE Override file (JreNameOverride), xrefs: 0040419A
                                                                                                                                                                                                      • [Utils] Unable to convert SID, xrefs: 0040472F
                                                                                                                                                                                                      • [Extractor] Setting up static properties, xrefs: 00403E99
                                                                                                                                                                                                      • [Extractor] Setting up a JRE (switched:%d), xrefs: 0040497E
                                                                                                                                                                                                      • jwsig_public_key, xrefs: 00403EE8
                                                                                                                                                                                                      • [Extractor] GU folder is %s, xrefs: 004047B9
                                                                                                                                                                                                      • [JREDownload] Failed to pick up any existing system JRE, will download, xrefs: 00404B7B
                                                                                                                                                                                                      • [Utils] Converted SID, xrefs: 00404728
                                                                                                                                                                                                      • nativesplash.png, xrefs: 0040480E, 00404813, 00404912
                                                                                                                                                                                                      • [Extractor] OFFLINE wrapper: App version is %s, xrefs: 004042A3
                                                                                                                                                                                                      • [Extractor] Latest App version is newer or same as our version so will just run, xrefs: 0040462B
                                                                                                                                                                                                      • D, xrefs: 004037C7
                                                                                                                                                                                                      • [Extractor] Latest GUversion is newer or same as our version so will just run, xrefs: 004045CC
                                                                                                                                                                                                      • match_versions, xrefs: 00403A20
                                                                                                                                                                                                      • [Extractor] Will use Dynamic Update URL: %s, xrefs: 00403DCA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$_strlen$_memset$_printf$CriticalErrorEventFileHeapLastProcessSectionSleepTime__lock_strncpytime$AddressAllocateConvertCreateCurrentDeleteEnterFreeHandleLeaveModuleMoveProcString___sbh_find_block___sbh_free_block__getdcwd_nolock_fprintf_sprintf_vfprintf
                                                                                                                                                                                                      • String ID: [JREDownload] Spaces in version file, assuming EOF$[JREDownload] Version invalid (too long)$*$+++ Processing %d dynamic properties$++++++++++++++++++++++++++++++++++++++++++++++++$,$-Xshare:dump$-archive.p2.l2$-version.txt$.$/$5$;$<$>$?time=$A$D$Damaged$E$ERROR - unable to import public key.$Extracting Offline JRE$Extracting tail$G$JWApps$JWrapper$JWrapper-$JreNameOverride$No latest App version even after download!$Processing dynamic properties$Q$R$R$S-1-5-32-545$Setting up online JRE$Unable to create App Temp folder$Y$[DynProps] Base64 decoding image...$[DynProps] Decode complete [image size is %d]$[DynProps] Dynamic Param %d: %s=[%s...]$[DynProps] Dynamic Param %d: %s=[%s]$[DynProps] Dynamic Update URL: %s$[DynProps] JRE name from dynamic launch properties is %s$[DynProps] Splash Image is %s$[DynProps] Splash Image is %s...$[DynProps] Windows APP ID is %s$[Extractor] APP folder is %s$[Extractor] APP temp is %s$[Extractor] CACerts override path is %s$[Extractor] Checking for a latest valid GU$[Extractor] Configuring splash$[Extractor] Existing JRE exists: %s$[Extractor] Extracted GU and GU Version$[Extractor] Extracted JRE %s$[Extractor] Extracting App...$[Extractor] Extracting JRE archive...$[Extractor] Found Params marker. Extracting now...$[Extractor] GU folder is %s$[Extractor] GU temp is %s$[Extractor] GenericUpdater version is %s$[Extractor] Hex: %s$[Extractor] JRE setup. 
Overriding cacerts.$[Extractor] Latest App version is newer or same as our version so will just run$[Extractor] Latest GU version exists: %s$[Extractor] Latest GUversion is newer or same as our version so will just run$[Extractor] Master folder is %s$[Extractor] Native Splash PNG path is %s$[Extractor] No GenericUpdater embedded, we are just a launcher$[Extractor] No app version found and we are offline so will extract$[Extractor] No latest GU or JRE version exists, will check tail for online/offline info$[Extractor] Note: Latest GU version does exist$[Extractor] Note: Latest JRE version does exist$[Extractor] Note: No latest GU version exists$[Extractor] Note: No latest JRE version exists$[Extractor] OFFLINE wrapper: App version is %s$[Extractor] ONLINE wrapper: No App embedded, GU will download and run$[Extractor] Offline installer - app to extract.$[Extractor] Offline installer - no need to download JRE, will extract$[Extractor] Online installer - no app to extract$[Extractor] Online installer - no stored JRE, will check for compatible system JRE$[Extractor] Online installer - no stored JRE. 
Skipping system JRE.$[Extractor] Our App version is newer than existing latest version so will extract and run$[Extractor] Our GU version is newer than existing latest version so will extract and run$[Extractor] Processed public key of length %d$[Extractor] Public Key: %08X$[Extractor] Public key empty (no public key)$[Extractor] Public key length %d (no public key)$[Extractor] Recreating GU location$[Extractor] Regenerating jsa...$[Extractor] Reinstall is %d$[Extractor] Renamed JRE folder to %s$[Extractor] Renaming App folder to %s$[Extractor] Renaming GU folder to %s$[Extractor] Repair install is %d$[Extractor] Required Java version %s$[Extractor] Running without extraction now$[Extractor] Saving proxy configuration$[Extractor] Setting permissions...$[Extractor] Setting up a JRE (switched:%d)$[Extractor] Setting up static properties$[Extractor] Shared dir is %s$[Extractor] Silent install is %d$[Extractor] Skipping System JRE$[Extractor] The absolute wrapper path is %s$[Extractor] The executable name is %s$[Extractor] The existing JRE is broken. Instructing the wrapper to update.$[Extractor] The existing JWrapper install is broken. Instructing the wrapper to update.$[Extractor] This is an elevated run purely to prepare an installation. Will not show UI or launch an app$[Extractor] UP200 path is %s$[Extractor] Unable to create GU Temp folder - assuming elevation required$[Extractor] Unable to run (we are just a launcher)$[Extractor] Update URL is currently '%s'$[Extractor] Update URL is now '%s'$[Extractor] Using existing JRE of %s$[Extractor] We are copying the JRE. We want to query the JRE version to enable proxy detection.$[Extractor] Will now run latest GU %s$[Extractor] Will use Dynamic Update URL: %s$[Extractor] Will use Static Update URL: %s$[JREDownload] ************************** Unable to open version file! 
[%d]$[JREDownload] Downloaded JRE is now ready.$[JREDownload] Extracting JRE archive to %s$[JREDownload] Extracting version: $[JREDownload] Failed to detect or download a JRE (no jre version)$[JREDownload] Failed to download JRE version file$[JREDownload] Failed to download and extract JRE archive.$[JREDownload] Failed to pick up any existing system JRE, will download$[JREDownload] Fetching JRE Version from %s$[JREDownload] Finalising setup of new JRE %s$[JREDownload] JRE Version is %s$[JREDownload] JRE version downloaded OK [%s]$[JREDownload] Regenerating jsa...$[JREDownload] Saving into %s$[JREOverride] Ignoring JRE name -, keeping %s$[JREOverride] Ignoring empty JRE name, keeping %s$[JREOverride] JRE name overriden to %s$[JREOverride] No JRE name override, will continue to use %s$[JREOverride] Processing JRE Override file (JreNameOverride)$[Proxy] No working proxy was found, so no proxy to be saved.$[Proxy] Saving proxy settings now.$[Utils] Converted SID$[Utils] Unable to convert SID$\$app_name$bin$cacerts$can_override_splash$force_spawn$g$install_type$java.exe$java_version$javaw.exe$jre_name$jwsig_public_key$lib$m$match_versions$min_splash_ms$nativesplash.png$reinstall$repair$rt.jar$show_no_ui$silent_parameter$skip_system_jre$splash_buffer$splash_image$true$update_url$verpatch.exe$windows_app_id$wrapper_app_version$wrapper_autotest$wrapper_gu_version$y$z${$|$~
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetEnvironmentVariableA.KERNEL32(_JAVA_OPTIONS,00000000,?,JNI Launch,00000000,00402ADB,?,?,?,?,?,?,?,?), ref: 004064F3
                                                                                                                                                                                                      • SetEnvironmentVariableA.KERNEL32(JAVA_TOOL_OPTIONS,00000000), ref: 004064FB
                                                                                                                                                                                                        • Part of subcall function 0040940B: GetModuleHandleA.KERNEL32(kernel32,?,?,?,?,00401537), ref: 0040942C
                                                                                                                                                                                                        • Part of subcall function 0040940B: GetProcAddress.KERNEL32(00000000,SetDllDirectoryA), ref: 00409438
                                                                                                                                                                                                        • Part of subcall function 0040940B: _malloc.LIBCMT ref: 004094FA
                                                                                                                                                                                                        • Part of subcall function 0040940B: GetCurrentDirectoryA.KERNEL32(000007D0,00000000), ref: 0040950A
                                                                                                                                                                                                        • Part of subcall function 0040940B: SetCurrentDirectoryA.KERNEL32(?), ref: 00409517
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,JNI_CreateJavaVM), ref: 00406521
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004065C3
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004065D1
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00406619
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • JNI_CreateJavaVM, xrefs: 0040651B
                                                                                                                                                                                                      • [JNILauncher] Destroying runtime., xrefs: 00406803
                                                                                                                                                                                                      • [JNILauncher] About to execute static void method., xrefs: 004067C2
                                                                                                                                                                                                      • [JNILaunch] App Argument %d = %s, xrefs: 00406586
                                                                                                                                                                                                      • [JNILauncher] Run complete., xrefs: 004067E2
                                                                                                                                                                                                      • [JNILaunch] Created VM., xrefs: 004066C1
                                                                                                                                                                                                      • [JNILaunch] [ERROR] Unable to load JRE library!, xrefs: 00406509
                                                                                                                                                                                                      • JAVA_TOOL_OPTIONS, xrefs: 004064F6
                                                                                                                                                                                                      • java/lang/String, xrefs: 0040675E
                                                                                                                                                                                                      • main, xrefs: 00406749
                                                                                                                                                                                                      • [JNILaunch] Trimming..., xrefs: 00406599
                                                                                                                                                                                                      • [JNILauncher] Searching for clazz failed!, xrefs: 00406728
                                                                                                                                                                                                      • _JAVA_OPTIONS, xrefs: 004064EE
                                                                                                                                                                                                      • [JNILaunch] Creating VM..., xrefs: 00406699
                                                                                                                                                                                                      • [JNILauncher] Searching for clazz %s, xrefs: 0040670C
                                                                                                                                                                                                      • JNI Launch, xrefs: 004064E3
                                                                                                                                                                                                      • -Djava.class.path=, xrefs: 004065E8
                                                                                                                                                                                                      • [JNILauncher] Searching for main method %s, xrefs: 00406733
                                                                                                                                                                                                      • [JNILaunch] JVM Argument %d = %s, xrefs: 00406543
                                                                                                                                                                                                      • [JNILauncher] Create Java VM Failed!, xrefs: 004066B7
                                                                                                                                                                                                      • [JNILauncher] Set argument %d to %s, xrefs: 0040678E
                                                                                                                                                                                                      • [JNILaunch] ------- JNI Launch call -------, xrefs: 00406527
                                                                                                                                                                                                      • ([Ljava/lang/String;)V, xrefs: 00406744
                                                                                                                                                                                                      • [JNILauncher] Done!, xrefs: 00406817
                                                                                                                                                                                                      • [JNILaunch] CP Argument %d = %s, xrefs: 00406566
                                                                                                                                                                                                      • [JNILaunch] JNI Option %d=%s, xrefs: 00406687
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$AddressCurrentDirectoryEnvironmentProcTimeVariabletime$HandleModule_fprintf_printf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: ([Ljava/lang/String;)V$-Djava.class.path=$JAVA_TOOL_OPTIONS$JNI Launch$JNI_CreateJavaVM$[JNILaunch] ------- JNI Launch call -------$[JNILaunch] App Argument %d = %s$[JNILaunch] CP Argument %d = %s$[JNILaunch] Created VM.$[JNILaunch] Creating VM...$[JNILaunch] JNI Option %d=%s$[JNILaunch] JVM Argument %d = %s$[JNILaunch] Trimming...$[JNILaunch] [ERROR] Unable to load JRE library!$[JNILauncher] About to execute static void method.$[JNILauncher] Create Java VM Failed!$[JNILauncher] Destroying runtime.$[JNILauncher] Done!$[JNILauncher] Run complete.$[JNILauncher] Searching for clazz %s$[JNILauncher] Searching for clazz failed!$[JNILauncher] Searching for main method %s$[JNILauncher] Set argument %d to %s$_JAVA_OPTIONS$java/lang/String$main
                                                                                                                                                                                                      • API String ID: 2629583285-1933699171
                                                                                                                                                                                                      • Opcode ID: 46429b81fa2e3ce4e82f760df451313a20cda48170eb3924279427a7052571a3
                                                                                                                                                                                                      • Instruction ID: 331c978433a6cfa8500f1ceacbb02c0f66661efe7df703c9df5b65a343ccddca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46429b81fa2e3ce4e82f760df451313a20cda48170eb3924279427a7052571a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3A1B472900215AFDB10EFA5DC86E9EB7A4EF08709F21007FF445B72C1CB799A518B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf$Sleep
                                                                                                                                                                                                      • String ID: --simplehelp-proxytest$--test-macos-arch$-TESTSPLASH$Extracting wrapper tail...$INTEL$JWPREPARE_FOR_LAUNCH_ONLY$ProxyBypassList: %s$ProxyList: %s$[TestSplash] Configure splash to use sh_logo.png$[TestSplash] Initialising splash$[TestSplash] SetProgress %d$[TestSplash] SetProgress -1$[TestSplash] SetProgress 100$[TestSplash] Show$[TestSplash] Sleep$sh_logo.png
                                                                                                                                                                                                      • API String ID: 1313341612-740876235
                                                                                                                                                                                                      • Opcode ID: 346c56b571c969c022f402ab5251a3e2a788c8908e972f4311b5ab94b10e17b6
                                                                                                                                                                                                      • Instruction ID: 3735ecef9e63ac1988939d9292a714beae25e50b0cb1125e975cf0c625ebe3f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 346c56b571c969c022f402ab5251a3e2a788c8908e972f4311b5ab94b10e17b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5451DA32648301AEE614BB76AC47F6B33A5EF91729B21003FF805A61D3DD7DA890455E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32 ref: 004079E0
                                                                                                                                                                                                      • LoadCursorA.USER32(00000000,00007F8A), ref: 004079F0
                                                                                                                                                                                                      • LoadIconA.USER32 ref: 00407A13
                                                                                                                                                                                                      • RegisterClassA.USER32(?), ref: 00407A22
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007F00), ref: 00407A2D
                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00407A7A
                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00407A8A
                                                                                                                                                                                                      • GetMonitorInfoA.USER32(00000000,00000028), ref: 00407A96
                                                                                                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00407AD8
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00407B24
                                                                                                                                                                                                      • CreateWindowExA.USER32(-00000080,JWrapperSplashWindow,?,82000000,00000003,00000003,00000000,00000000,?,00000000,?,00000000), ref: 00407B68
                                                                                                                                                                                                      • SetWindowLongA.USER32(?,000000EB,?), ref: 00407BF6
                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 00407C01
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00407C10
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407C19
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00407C51
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407C5A
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CallbackCursorDispatcherInfoLoadMonitorTimeUsertime$ClassCreateErrorEventFromHandleIconLastLongMessageModuleParametersPeekPointRegisterShowSystem_fprintf_printf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: ($0,D$JWrapperSplashWindow$Unable to create SplashWnd$Unable to register class SplashWnd
                                                                                                                                                                                                      • API String ID: 602494848-3471773426
                                                                                                                                                                                                      • Opcode ID: 48241e46658c51e2207dcc81734f5b6c17ad9306440995af5dd6569f22617fd3
                                                                                                                                                                                                      • Instruction ID: 7e5a7d82a65a829b7d14865c5123f53dfa2007913e699dd85669771115bbcb08
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48241e46658c51e2207dcc81734f5b6c17ad9306440995af5dd6569f22617fd3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F81A271A08300AFDB109F75CC89A5FBBA5EB88714F10493EF555E62D1DB78E804CB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32,?,?,?,?,00401537), ref: 0040942C
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryA), ref: 00409438
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004094FA
                                                                                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(000007D0,00000000), ref: 0040950A
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?), ref: 00409517
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,?,server,jvm.dll), ref: 004095A4
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,server,jvm.dll), ref: 004095E2
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0040A673: _strlen.LIBCMT ref: 0040A678
                                                                                                                                                                                                        • Part of subcall function 0040A673: _strlen.LIBCMT ref: 0040A683
                                                                                                                                                                                                      • SetCurrentDirectoryA.KERNEL32(?), ref: 00409632
                                                                                                                                                                                                        • Part of subcall function 0040A673: _memcmp.LIBCMT ref: 0040A69B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDirectory$LibraryLoadTime_strlentime$AddressHandleModuleProc_fprintf_malloc_memcmp_printf_vfprintf
                                                                                                                                                                                                      • String ID: LoadLibrary$SetDllDirectoryA$Utils$[Extractor] Successfully loaded DLL (%s). JVM looks good.$[Extractor] [SEVERE] Unable to load existing JVM dll.$[Extractor] [SEVERE] Unable to open directory (%s)$[JNILaunch] Bin folder is %s$[JNILaunch] WARNING: SetDllDirectoryA could not be found$[Utils] Located DLL (%s)$bin$client$jvm.dll$kernel32$msvcp$server$vcruntime
                                                                                                                                                                                                      • API String ID: 3166593701-908799237
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00408A2B
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00408B01
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00408B10
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00408C3B
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s)), ref: 00408D2D
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 00408DB9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Unarchiver] ERROR: Unpacked target (%s) does not exist!, xrefs: 00408EBB
                                                                                                                                                                                                      • .p2, xrefs: 00408AB0, 00408ABB, 00408AC8
                                                                                                                                                                                                      • [Unarchiver] *************************** Unable to extract archive file. Unable to open file for writing., xrefs: 00408D78
                                                                                                                                                                                                      • mixed, xrefs: 004089B9
                                                                                                                                                                                                      • [Unarchiver] WARNING. EOF encountered., xrefs: 00408EF5
                                                                                                                                                                                                      • [Unarchiver] .p2.l2 in sync unarchive complete., xrefs: 00408D33
                                                                                                                                                                                                      • [Unarchiver] Skipping empty file %s, xrefs: 00408BDE
                                                                                                                                                                                                      • [Unarchiver] Extracting to file %s (length:%ld), xrefs: 00408D62
                                                                                                                                                                                                      • [Unarchiver] Requires unpacking200..., xrefs: 00408E2A
                                                                                                                                                                                                      • [Unarchiver] Created folder %s, xrefs: 00408B9C
                                                                                                                                                                                                      • [Unarchiver] Extracting %s (::%ld from %s), xrefs: 00408A74
                                                                                                                                                                                                      • [Unarchiver] .p2.l2 detected. Performing in sync unarchive., xrefs: 00408C83
                                                                                                                                                                                                      • [Unarchiver] ERROR: unpack200 executable (%s) does not exist!, xrefs: 00408E62
                                                                                                                                                                                                      • [Unarchiver] Extracted %s length:%d, xrefs: 00408E10
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$Timetime$ErrorFreeHeapLastObjectSingleWait___sbh_find_block___sbh_free_block__fsopen__lock_fprintf_fwrite_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Unarchiver] *************************** Unable to extract archive file. Unable to open file for writing.$[Unarchiver] .p2.l2 detected. Performing in sync unarchive.$[Unarchiver] .p2.l2 in sync unarchive complete.$[Unarchiver] Created folder %s$[Unarchiver] ERROR: Unpacked target (%s) does not exist!$[Unarchiver] ERROR: unpack200 executable (%s) does not exist!$[Unarchiver] Extracting to file %s (length:%ld)$[Unarchiver] Requires unpacking200...$[Unarchiver] Skipping empty file %s$.p2$[Unarchiver] Extracted %s length:%d$[Unarchiver] Extracting %s (::%ld from %s)$[Unarchiver] WARNING. EOF encountered.$mixed
                                                                                                                                                                                                      • API String ID: 2945291078-3200382007
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 0040A3BD
                                                                                                                                                                                                      • _fseek.LIBCMT ref: 0040A40A
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 0040A41E
                                                                                                                                                                                                      • _fseek.LIBCMT ref: 0040A434
                                                                                                                                                                                                      • _fputc.LIBCMT ref: 0040A43F
                                                                                                                                                                                                      • _fseek.LIBCMT ref: 0040A450
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 0040A459
                                                                                                                                                                                                        • Part of subcall function 00419E68: _doexit.LIBCMT ref: 00419E70
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Windows Subsystem] Now %02X, xrefs: 0040A460
                                                                                                                                                                                                      • r+b, xrefs: 0040A374
                                                                                                                                                                                                      • [Windows Subsystem] Was %02X, xrefs: 0040A427
                                                                                                                                                                                                      • P, xrefs: 0040A386
                                                                                                                                                                                                      • E, xrefs: 0040A38A
                                                                                                                                                                                                      • SS edit - PE sig, xrefs: 0040A47F
                                                                                                                                                                                                      • Could not find marker: %s, xrefs: 0040A484
                                                                                                                                                                                                      • [Windows Subsystem] Fixing %s, xrefs: 0040A36A
                                                                                                                                                                                                      • [Windows Subsystem] Opened %s, xrefs: 0040A3AC
                                                                                                                                                                                                      • [Windows Subsystem] Could not open file %s, xrefs: 0040A399
                                                                                                                                                                                                      • [Windows Subsystem] Found marker OK at %d [+%d = %d], xrefs: 0040A3FB
                                                                                                                                                                                                      • [Windows Subsystem] Skipped to relevant spot %d, xrefs: 0040A413
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fgetc_fseek$Timetime$__fsopen_doexit_fprintf_fputc_printf_vfprintf
                                                                                                                                                                                                      • String ID: Could not find marker: %s$E$P$SS edit - PE sig$[Windows Subsystem] Could not open file %s$[Windows Subsystem] Fixing %s$[Windows Subsystem] Found marker OK at %d [+%d = %d]$[Windows Subsystem] Now %02X$[Windows Subsystem] Opened %s$[Windows Subsystem] Skipped to relevant spot %d$[Windows Subsystem] Was %02X$r+b
                                                                                                                                                                                                      • API String ID: 1029798441-3919754189
                                                                                                                                                                                                      • Opcode ID: 54022972dce4970022b3ea6437a89aae3648125d3719c7417d1f42e3793f1a48
                                                                                                                                                                                                      • Instruction ID: ae578b6a6864b966ec79f4a7e1b4e38594e625630d34e847859530e7169fb798
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54022972dce4970022b3ea6437a89aae3648125d3719c7417d1f42e3793f1a48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB21F7B39447943AEA1176A65C47FEF6A1C8F9276CF20006FF840391C3AABC095541BF
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00406391
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?), ref: 004063A4
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?), ref: 004063AB
                                                                                                                                                                                                        • Part of subcall function 004069EC: _malloc.LIBCMT ref: 004069FA
                                                                                                                                                                                                        • Part of subcall function 004069EC: _memset.LIBCMT ref: 00406A08
                                                                                                                                                                                                        • Part of subcall function 004069EC: WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(004063CB,00000000,75922F70,00000000,?,004063CB,?,?,?), ref: 00406A21
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 004063D4
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?), ref: 004063E1
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00006321,00000000,00000000,?), ref: 004063FA
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,0040613E,00000000,00000000,?), ref: 0040640C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,004061B7,00000000,00000000,?), ref: 0040641E
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00406257,00000000,00000000,?), ref: 00406430
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,004062BC,00000000,00000000,?), ref: 00406442
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000,?,?), ref: 0040644F
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 0040645A
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 00405627: _malloc.LIBCMT ref: 00405640
                                                                                                                                                                                                        • Part of subcall function 00405627: _memset.LIBCMT ref: 00405650
                                                                                                                                                                                                        • Part of subcall function 00405627: _strlen.LIBCMT ref: 00405661
                                                                                                                                                                                                        • Part of subcall function 00405627: _malloc.LIBCMT ref: 00405669
                                                                                                                                                                                                        • Part of subcall function 00405627: _strcat.LIBCMT ref: 0040567B
                                                                                                                                                                                                        • Part of subcall function 00405627: _strlen.LIBCMT ref: 0040568B
                                                                                                                                                                                                        • Part of subcall function 00405627: _malloc.LIBCMT ref: 00405693
                                                                                                                                                                                                        • Part of subcall function 00405627: _strcat.LIBCMT ref: 004056A6
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,?), ref: 00406493
                                                                                                                                                                                                        • Part of subcall function 00406AF3: EnterCriticalSection.KERNEL32(?,?,00405FBA,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406AF8
                                                                                                                                                                                                        • Part of subcall function 00406AF3: _printf.LIBCMT ref: 00406B15
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B2D
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B32
                                                                                                                                                                                                        • Part of subcall function 00406AF3: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B35
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] Saving any detected proxy settings, xrefs: 0040646D
                                                                                                                                                                                                      • [HttpDownloader] Downloads failed. Closing buffer., xrefs: 004064AA
                                                                                                                                                                                                      • [HttpDownloader] Download Tasks Complete! (success=%d), xrefs: 00406463
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create$Thread_malloc$EventMutex$CriticalObjectSectionSingleTimeWait_memset_printf_strcat_strlentime$AllocateChangeCloseConfigCurrentEnterFindHeapHttpLeaveNotificationProxyReleaseUser_fprintf_vfprintf
                                                                                                                                                                                                      • String ID: [HttpDownloader] Download Tasks Complete! (success=%d)$[HttpDownloader] Downloads failed. Closing buffer.$[HttpDownloader] Saving any detected proxy settings
                                                                                                                                                                                                      • API String ID: 1179675671-1292727777
                                                                                                                                                                                                      • Opcode ID: 417b38aac6fc4df383eb9a68433b41dfa463ffefecd7beb53da899742fee9317
                                                                                                                                                                                                      • Instruction ID: 36ed05fc70110070f5b6bec2cafaa61fd0ec99cca374d421e0585d75f6a5e459
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 417b38aac6fc4df383eb9a68433b41dfa463ffefecd7beb53da899742fee9317
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E4162B1900209BFDB009FA5DC85DABBFBCFB08754B10452BF519A6191DB749D60CFA8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 2255 4068a4-406900 call 4085ef call 41a4c0 * 2 call 40a137 WinHttpOpen 2264 406906-40690c 2255->2264 2265 4069de-4069eb call 418d4a 2255->2265 2267 40692a-406959 call 40a137 WinHttpGetProxyForUrl 2264->2267 2268 40690e-406927 call 40a137 2264->2268 2274 4069a8-4069b9 GetLastError call 40a137 2267->2274 2275 40695b-406969 call 40a137 2267->2275 2268->2267 2280 4069ba-4069c4 2274->2280 2281 406977-4069a6 call 40a137 * 2 call 40862f * 2 2275->2281 2282 40696b-406975 call 40a137 2275->2282 2283 4069c6-4069c9 GlobalFree 2280->2283 2284 4069cb-4069ce 2280->2284 2281->2280 2282->2280 2283->2284 2287 4069d0-4069d3 GlobalFree 2284->2287 2288 4069d5-4069d8 WinHttpCloseHandle 2284->2288 2287->2288 2288->2265
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004068C7
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004068D6
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WinHttpOpen.WINHTTP(JWrapper Proxy Detector/1.0,00000001,00000000,00000000,00000000,?,?,?,00000000,00000000,?), ref: 004068F5
                                                                                                                                                                                                      • WinHttpGetProxyForUrl.WINHTTP(?,?,?,?,?,?,?,00000000,00000000,?), ref: 00406951
                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 004069C9
                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 004069D3
                                                                                                                                                                                                      • WinHttpCloseHandle.WINHTTP(?,?,?,?,00000000,00000000,?), ref: 004069D8
                                                                                                                                                                                                        • Part of subcall function 0040862F: _malloc.LIBCMT ref: 0040864B
                                                                                                                                                                                                        • Part of subcall function 0040862F: _mbstowcs_s.LIBCMT ref: 0040865D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Http$FreeGlobalTime_memsettime$CloseHandleOpenProxy_fprintf_malloc_mbstowcs_s_printf_vfprintf
                                                                                                                                                                                                      • String ID: JWrapper Proxy Detector/1.0$[Proxy] %S$[Proxy] Attempting to detect proxy for URL %S$[Proxy] Configuration NOT found (%d)$[Proxy] Configuration found$[Proxy] Direct connection used$[Proxy] Opening HTTP Session$[Proxy] Using auto config URL: %S
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A1C4: _flsall.LIBCMT ref: 0041A1D8
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00408FB0
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00408FCB
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409014
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409038
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409044
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ***********************************************************************, xrefs: 004090A4, 004090A9, 004090D0
                                                                                                                                                                                                      • [Unarchiver] [START] Extracting archive %s, xrefs: 00408F36
                                                                                                                                                                                                      • [Unarchiver] Archive signature verified., xrefs: 00409072
                                                                                                                                                                                                      • [Unarchiver] Verifying signature, xrefs: 00409000
                                                                                                                                                                                                      • [Unarchiver] [END] Extracting archive %s, xrefs: 00409081
                                                                                                                                                                                                      • [Unarchiver] Produced a signature of length %d, xrefs: 00409059
                                                                                                                                                                                                      • mixed, xrefs: 00408F6D, 00408F94, 0040900A
                                                                                                                                                                                                      • WARNING: Error registering mixed hash, xrefs: 00408FAB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$Time_printftime$_flsall_fprintf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: ***********************************************************************$WARNING: Error registering mixed hash$[Unarchiver] Archive signature verified.$[Unarchiver] Produced a signature of length %d$[Unarchiver] Verifying signature$[Unarchiver] [END] Extracting archive %s$[Unarchiver] [START] Extracting archive %s$mixed
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(?,00000000,?), ref: 0040A5C8
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 0040A5E0
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 0040A5ED
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040A5FB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time_getenvtime$Version_fprintf_malloc_printf_vfprintf
                                                                                                                                                                                                      • String ID: ALLUSERSPROFILE$Application Data$ERROR: Unable to get shared dir!$PROGRAMDATA$Permanent install for all users$Permanent install for current user$Temporary install$perm_all$perm_user
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A1C4: _flsall.LIBCMT ref: 0041A1D8
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00407505
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00407517
                                                                                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 0040753C
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00407546
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00407575
                                                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00407588
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040759A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004075A2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Spawner] runSpawnerAndWait returned %d, xrefs: 004075AA
                                                                                                                                                                                                      • [Spawner] Creating command line '%s', xrefs: 004074E0
                                                                                                                                                                                                      • [Spawner] Constructing command line..., xrefs: 00407465
                                                                                                                                                                                                      • CreateProcess failed (%d)., xrefs: 0040754D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleProcessTime_memsettime$CodeCreateErrorExitLastObjectSingleWait_flsall_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: CreateProcess failed (%d).$[Spawner] Constructing command line...$[Spawner] Creating command line '%s'$[Spawner] runSpawnerAndWait returned %d
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __time64.LIBCMT ref: 00401646
                                                                                                                                                                                                        • Part of subcall function 0041BE64: GetSystemTimeAsFileTime.KERNEL32(h[@,?,?,?,00405B68,?), ref: 0041BE6D
                                                                                                                                                                                                        • Part of subcall function 0041BE64: __aulldiv.LIBCMT ref: 0041BE8D
                                                                                                                                                                                                        • Part of subcall function 0041B9C4: ___getgmtimebuf.LIBCMT ref: 0041B9C5
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040166A
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00401680
                                                                                                                                                                                                        • Part of subcall function 0041B3A3: __Strftime_l.LIBCMT ref: 0041B3B7
                                                                                                                                                                                                      • __ftime64_s.LIBCMT ref: 0040168C
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 004016B1
                                                                                                                                                                                                      • _fopen_s.LIBCMT ref: 00401713
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$FileStrftime_lSystem___getgmtimebuf__aulldiv__ftime64_s__time64_fopen_s_memset_sprintf_strftime
                                                                                                                                                                                                      • String ID: %Y-%m-%d-%H-%M-%S$%s-%03d.log$Wrapper-$[Extractor] Logging to %s$[Extractor] Opening the file for writing returned %d$logs
                                                                                                                                                                                                      • API String ID: 1149022203-146057169
                                                                                                                                                                                                      • Opcode ID: 278b07efc5ebe9b9d1fdf8240e17e8f6e4174ea3b3e7dc2f611b33c60c12d511
                                                                                                                                                                                                      • Instruction ID: 5e92f0cec483712c1a01ede46a7e7fcc538186a8df4d838991c7cee1d9f9ba60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 278b07efc5ebe9b9d1fdf8240e17e8f6e4174ea3b3e7dc2f611b33c60c12d511
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 042187F2D0021866CB50FA659C46EDB77ACDB08704F1040BBB549E2182DE7C9E898BE9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2478 4083cf-408469 call 406a95 call 40a137 call 41c794 * 2 call 41a324 CreateThread * 2 WaitForSingleObject * 2 2489 408475 2478->2489 2490 40846b-40846e 2478->2490 2492 408477-40847b 2489->2492 2490->2489 2491 408470-408473 2490->2491 2491->2492
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AA0
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AB9
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406AD4
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406ADE
                                                                                                                                                                                                        • Part of subcall function 00406A95: InitializeCriticalSection.KERNEL32(00000020,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s),00000000), ref: 00406AE7
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004083FC
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040840C
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000820D,00000000,00000000,00000000), ref: 00408434
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000082B0,00000000,00000000,00000000), ref: 00408447
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,00402E09,?,?,?,?), ref: 00408455
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,00402E09,?,?,?,?), ref: 00408460
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create_calloc$EventObjectSingleThreadTimeWaittime$CriticalInitializeSection__calloc_impl__fsopen_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: -version.txt$JWrapper-$[Streamer] Downloading from %s into %s
                                                                                                                                                                                                      • API String ID: 1826255101-128749009
                                                                                                                                                                                                      • Opcode ID: 04daa2feda089c053a93be5a2c13029fc89430e389d575325262ef42286f3f48
                                                                                                                                                                                                      • Instruction ID: 685ccfb102e14eb7389b8344e60da02135dbbaa563af4063820585ee443febe0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04daa2feda089c053a93be5a2c13029fc89430e389d575325262ef42286f3f48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC11EE71540300BBDB216F628C89F577EB8DBC5764F20413EFA58A61D1DA744440C668
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,Direct,?,0040637B,Direct), ref: 004060D5
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 004060E6
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 00406106
                                                                                                                                                                                                      • Sleep.KERNEL32(000000C8), ref: 00406115
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 00406128
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00406132
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] [%s] --- End --- (worked=%d,threads=%d), xrefs: 004060F7
                                                                                                                                                                                                      • [HttpDownloader] [%s] Finishing off thread..., xrefs: 004060C5
                                                                                                                                                                                                      • Direct, xrefs: 004060BE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseTimetime$ChangeEventFindHandleMutexNotificationObjectReleaseSingleSleepWait_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Direct$[HttpDownloader] [%s] --- End --- (worked=%d,threads=%d)$[HttpDownloader] [%s] Finishing off thread...
                                                                                                                                                                                                      • API String ID: 1003788368-3091912359
                                                                                                                                                                                                      • Opcode ID: 024dc099b738112bdcb0ffb550c1246c410ad371c7022bb760d038b090ef37d5
                                                                                                                                                                                                      • Instruction ID: b3818dcb719976e680a2fcd64fad81fa828f268448a37dad77c4cf2adc0bae8c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 024dc099b738112bdcb0ffb550c1246c410ad371c7022bb760d038b090ef37d5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA014C72100700AFE7356F25DC09A06B7F5FF94711F224A2DF0D6A11E1DB35A4248A18
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004069FA
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00406A08
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(004063CB,00000000,75922F70,00000000,?,004063CB,?,?,?), ref: 00406A21
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Proxy] IE Setting - autodetect, xrefs: 00406A3B
                                                                                                                                                                                                      • [Proxy] IE Setting - explicit, xrefs: 00406A72
                                                                                                                                                                                                      • [Proxy] Got IE Proxy Configuration, xrefs: 00406A2B
                                                                                                                                                                                                      • [Proxy] IE Setting - autoconfig, xrefs: 00406A5D
                                                                                                                                                                                                      • [Proxy] Proxy detection invoked for %s, xrefs: 00406A11
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$AllocateConfigCurrentHeapHttpProxyUser_fprintf_malloc_memset_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Proxy] Got IE Proxy Configuration$[Proxy] IE Setting - autoconfig$[Proxy] IE Setting - autodetect$[Proxy] IE Setting - explicit$[Proxy] Proxy detection invoked for %s
                                                                                                                                                                                                      • API String ID: 86777767-2329187780
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Unknown error, possibly a bug, xrefs: 004091B7
                                                                                                                                                                                                      • lzma_code failed: %d, xrefs: 004092C9
                                                                                                                                                                                                      • Error initializing the decoder: %s (error code %u), xrefs: 004091CC
                                                                                                                                                                                                      • Unsupported decompressor flags, xrefs: 004091BE, 004091CB
                                                                                                                                                                                                      • Memory allocation failed, xrefs: 004091C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fprintf
                                                                                                                                                                                                      • String ID: Error initializing the decoder: %s (error code %u)$Memory allocation failed$Unknown error, possibly a bug$Unsupported decompressor flags$lzma_code failed: %d
                                                                                                                                                                                                      • API String ID: 1654120334-3560789050
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0041BFC9
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0041BFD5
                                                                                                                                                                                                      • __initptd.LIBCMT ref: 0041BFEB
                                                                                                                                                                                                      • CreateThread.KERNEL32(?,?,VvV,00000000,?,?), ref: 0041C019
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 0041C023
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0041C03B
                                                                                                                                                                                                        • Part of subcall function 00419249: __getptd_noexit.LIBCMT ref: 00419249
                                                                                                                                                                                                        • Part of subcall function 0042147F: __decode_pointer.LIBCMT ref: 00421488
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit__initptd
                                                                                                                                                                                                      • String ID: VvV
                                                                                                                                                                                                      • API String ID: 351847049-2993357689
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                        • Part of subcall function 0040107C: __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040A4B7
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040A4CD
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040A51B
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040A523
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [PickFolder] Set latest to %ld %s, xrefs: 0040A537
                                                                                                                                                                                                      • [PickFolder] Folder %s matches %s with version %ld, xrefs: 0040A4F8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$_malloc$__findfirst64i32_strcat
                                                                                                                                                                                                      • String ID: [PickFolder] Folder %s matches %s with version %ld$[PickFolder] Set latest to %ld %s
                                                                                                                                                                                                      • API String ID: 163602548-1774674754
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strncmp.LIBCMT ref: 00402D33
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$_fprintf_printf_strncmp_vfprintf
                                                                                                                                                                                                      • String ID: -version.txt$?time=$JWrapper-$[Extractor] Invalid Update URL. Skipping...$http://0.0.254.254
                                                                                                                                                                                                      • API String ID: 3651366137-3933778784
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowRect.USER32(?,00000000), ref: 00408157
                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,?,?,?,?,00000040), ref: 0040817A
                                                                                                                                                                                                      • GetWindowRect.USER32(?,00000000), ref: 00408195
                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,?,?,?,?,00000040), ref: 004081B8
                                                                                                                                                                                                      • SetTimer.USER32(00000064,0000001E,00407904,00000000), ref: 004081D6
                                                                                                                                                                                                      • KillTimer.USER32(00000000,00000001), ref: 004081EF
                                                                                                                                                                                                      • SendMessageA.USER32(0000000F,00000000,00000000), ref: 00408201
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$RectTimer$KillMessageSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2966172134-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004061D3
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 004061E6
                                                                                                                                                                                                        • Part of subcall function 004068A4: _memset.LIBCMT ref: 004068C7
                                                                                                                                                                                                        • Part of subcall function 004068A4: _memset.LIBCMT ref: 004068D6
                                                                                                                                                                                                        • Part of subcall function 004068A4: WinHttpOpen.WINHTTP(JWrapper Proxy Detector/1.0,00000001,00000000,00000000,00000000,?,?,?,00000000,00000000,?), ref: 004068F5
                                                                                                                                                                                                        • Part of subcall function 004068A4: WinHttpGetProxyForUrl.WINHTTP(?,?,?,?,?,?,?,00000000,00000000,?), ref: 00406951
                                                                                                                                                                                                        • Part of subcall function 004068A4: GlobalFree.KERNEL32(?), ref: 004069C9
                                                                                                                                                                                                        • Part of subcall function 004068A4: GlobalFree.KERNEL32(?), ref: 004069D3
                                                                                                                                                                                                        • Part of subcall function 004068A4: WinHttpCloseHandle.WINHTTP(?,?,?,?,00000000,00000000,?), ref: 004069D8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Http$FreeGlobalTime_memsettime$CloseHandleMutexObjectOpenProxyReleaseSingleWait_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: WPAD$[HttpDownloader] [WPAD] +++ Start +++$[HttpDownloader] [WPAD] Detecting WPAD proxy configuration$[HttpDownloader] [WPAD] Got lock - running now.
                                                                                                                                                                                                      • API String ID: 331668544-4111578913
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00405503
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040550D
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00405517
                                                                                                                                                                                                      • _mbstowcs_s.LIBCMT ref: 00405528
                                                                                                                                                                                                        • Part of subcall function 0041C4AB: __mbstowcs_s_l.LIBCMT ref: 0041C4BF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$AllocateHeap__mbstowcs_s_l_malloc_mbstowcs_s
                                                                                                                                                                                                      • String ID: FI@$nativesplash.png
                                                                                                                                                                                                      • API String ID: 895311619-3878480840
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040876C
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0040877A
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 00408782
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 004087AA
                                                                                                                                                                                                      • _printf.LIBCMT ref: 004087C0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ***WARNING - STRING TOO LONG FOR ALLOC %d>%d! (READSTRING) [%s], xrefs: 004087BB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fgetc$AllocateHeap_malloc_memset_printf
                                                                                                                                                                                                      • String ID: ***WARNING - STRING TOO LONG FOR ALLOC %d>%d! (READSTRING) [%s]
                                                                                                                                                                                                      • API String ID: 416424673-2930391879
                                                                                                                                                                                                      • Opcode ID: 2632782c5b3f5c5025c023408c124f99fdbcec8015bf8dfa0daa243f88406f1c
                                                                                                                                                                                                      • Instruction ID: b708998f70061aa9b0660c23fd76c48850a1c4ec96fad54ae6eba60c438fadbf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2632782c5b3f5c5025c023408c124f99fdbcec8015bf8dfa0daa243f88406f1c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8F028711001047AEB112A1BEC81DEBBF9DCFA1764710403FFC0897151DF398D9181AA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Proxy] Saved proxy list, xrefs: 0040685D
                                                                                                                                                                                                      • [Proxy] Saved proxy bypass list, xrefs: 00406878
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fputs$DeleteFile
                                                                                                                                                                                                      • String ID: [Proxy] Saved proxy bypass list$[Proxy] Saved proxy list
                                                                                                                                                                                                      • API String ID: 1258364954-1616844304
                                                                                                                                                                                                      • Opcode ID: 39a5b31f1f89b6018c363f55a1c11b4bde0ac9250ccba686651465e1bd6f8234
                                                                                                                                                                                                      • Instruction ID: 60ee75b9762bcbbeb3aa7f38cfcb0afc5450a4c3fad006be96fce0625b273ec7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39a5b31f1f89b6018c363f55a1c11b4bde0ac9250ccba686651465e1bd6f8234
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBF0813604A300AAEA253B15FD06B5A7BB1EF80B2AF21447FF491251D19F7D68A0855D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00406271
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 00406284
                                                                                                                                                                                                        • Part of subcall function 004060BD: WaitForSingleObject.KERNEL32(?,000000FF,Direct,?,0040637B,Direct), ref: 004060D5
                                                                                                                                                                                                        • Part of subcall function 004060BD: SetEvent.KERNEL32(?), ref: 004060E6
                                                                                                                                                                                                        • Part of subcall function 004060BD: ReleaseMutex.KERNEL32(?), ref: 00406106
                                                                                                                                                                                                        • Part of subcall function 004060BD: Sleep.KERNEL32(000000C8), ref: 00406115
                                                                                                                                                                                                        • Part of subcall function 004060BD: FindCloseChangeNotification.KERNEL32(00000000), ref: 00406128
                                                                                                                                                                                                        • Part of subcall function 004060BD: CloseHandle.KERNEL32(?), ref: 00406132
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] [Windows Proxy] Got lock - running now., xrefs: 00406277
                                                                                                                                                                                                      • Windows Proxy, xrefs: 00406298, 004062AB
                                                                                                                                                                                                      • [HttpDownloader] [Windows Proxy] Starting download attempt..., xrefs: 0040628A
                                                                                                                                                                                                      • [HttpDownloader] [Windows Proxy] +++ Start +++, xrefs: 0040625F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseMutexObjectReleaseSingleTimeWaittime$ChangeEventFindHandleNotificationSleep_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Windows Proxy$[HttpDownloader] [Windows Proxy] +++ Start +++$[HttpDownloader] [Windows Proxy] Got lock - running now.$[HttpDownloader] [Windows Proxy] Starting download attempt...
                                                                                                                                                                                                      • API String ID: 2592456452-3326864155
                                                                                                                                                                                                      • Opcode ID: 291f197d8a2c152839b88bc3ff01fd4d08cbceeb8d662b406c043b0e6a0f2594
                                                                                                                                                                                                      • Instruction ID: 56254cbcd871ed10858f8d43ec7431e238b5a9feb13019c5b3c74fb637c95da4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 291f197d8a2c152839b88bc3ff01fd4d08cbceeb8d662b406c043b0e6a0f2594
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEF02EB324420066F6147E65AC0BF5AB755CF40B31F20423FF5A4691D1EE751520419E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004062D6
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 004062E9
                                                                                                                                                                                                        • Part of subcall function 004060BD: WaitForSingleObject.KERNEL32(?,000000FF,Direct,?,0040637B,Direct), ref: 004060D5
                                                                                                                                                                                                        • Part of subcall function 004060BD: SetEvent.KERNEL32(?), ref: 004060E6
                                                                                                                                                                                                        • Part of subcall function 004060BD: ReleaseMutex.KERNEL32(?), ref: 00406106
                                                                                                                                                                                                        • Part of subcall function 004060BD: Sleep.KERNEL32(000000C8), ref: 00406115
                                                                                                                                                                                                        • Part of subcall function 004060BD: FindCloseChangeNotification.KERNEL32(00000000), ref: 00406128
                                                                                                                                                                                                        • Part of subcall function 004060BD: CloseHandle.KERNEL32(?), ref: 00406132
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] [Proxy Non Auto] Got lock - running now., xrefs: 004062DC
                                                                                                                                                                                                      • [HttpDownloader] [Proxy Non Auto] +++ Start +++, xrefs: 004062C4
                                                                                                                                                                                                      • Proxy Non Auto, xrefs: 004062FD, 00406310
                                                                                                                                                                                                      • [HttpDownloader] [Proxy Non Auto] Starting download attempt..., xrefs: 004062EF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseMutexObjectReleaseSingleTimeWaittime$ChangeEventFindHandleNotificationSleep_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Proxy Non Auto$[HttpDownloader] [Proxy Non Auto] +++ Start +++$[HttpDownloader] [Proxy Non Auto] Got lock - running now.$[HttpDownloader] [Proxy Non Auto] Starting download attempt...
                                                                                                                                                                                                      • API String ID: 2592456452-1640830781
                                                                                                                                                                                                      • Opcode ID: 0ca3218e30aaf9944d4c52c17d030caa285065a815812246ed6e1fa9ba9bc6bf
                                                                                                                                                                                                      • Instruction ID: 8e5746239c1d2799df23a33c3d7167101380dae3cf832663aaa7d86feb1b41eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ca3218e30aaf9944d4c52c17d030caa285065a815812246ed6e1fa9ba9bc6bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DF02E7324460076F6147F65AC07F5AB759CF40F31F20023FF664691D1EE751520419E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040633B
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 0040634E
                                                                                                                                                                                                        • Part of subcall function 004060BD: WaitForSingleObject.KERNEL32(?,000000FF,Direct,?,0040637B,Direct), ref: 004060D5
                                                                                                                                                                                                        • Part of subcall function 004060BD: SetEvent.KERNEL32(?), ref: 004060E6
                                                                                                                                                                                                        • Part of subcall function 004060BD: ReleaseMutex.KERNEL32(?), ref: 00406106
                                                                                                                                                                                                        • Part of subcall function 004060BD: Sleep.KERNEL32(000000C8), ref: 00406115
                                                                                                                                                                                                        • Part of subcall function 004060BD: FindCloseChangeNotification.KERNEL32(00000000), ref: 00406128
                                                                                                                                                                                                        • Part of subcall function 004060BD: CloseHandle.KERNEL32(?), ref: 00406132
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] [Direct] +++ Start +++, xrefs: 00406329
                                                                                                                                                                                                      • [HttpDownloader] [Direct] Starting download attempt..., xrefs: 00406354
                                                                                                                                                                                                      • Direct, xrefs: 00406362, 00406375
                                                                                                                                                                                                      • [HttpDownloader] [Direct] Got lock - running now., xrefs: 00406341
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseMutexObjectReleaseSingleTimeWaittime$ChangeEventFindHandleNotificationSleep_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Direct$[HttpDownloader] [Direct] +++ Start +++$[HttpDownloader] [Direct] Got lock - running now.$[HttpDownloader] [Direct] Starting download attempt...
                                                                                                                                                                                                      • API String ID: 2592456452-2027873883
                                                                                                                                                                                                      • Opcode ID: 76e774d72af7a98a983bac95b7451f1183b6347b13602f7745014dfe33d3f6c3
                                                                                                                                                                                                      • Instruction ID: cfc74845e63e995e7a5bc09bb28f194552fd852c86a86a5535c8def2d49a2c83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76e774d72af7a98a983bac95b7451f1183b6347b13602f7745014dfe33d3f6c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9F02E7364420076F614BF65AC0BF9AB759CF40B35F20013FF564692D1EEF51510569E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                      • _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                      • __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc_strlen$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__findfirst64i32__lock_strcat
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3035122617-0
                                                                                                                                                                                                      • Opcode ID: afc04e294a79b86bad9d700b6437f9356f80c9fbf888c326cc7acb4b4b20ce8e
                                                                                                                                                                                                      • Instruction ID: e313d1becca7a047fe89da0d3fcad91c8473a836e7847be2c4c142f62fa06350
                                                                                                                                                                                                      • Opcode Fuzzy Hash: afc04e294a79b86bad9d700b6437f9356f80c9fbf888c326cc7acb4b4b20ce8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5921D772904305AAE7156FB6DC41BDBB7999F08354F10012FF9089A291DF3D9D8187AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 0040355F
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 00419E68: _doexit.LIBCMT ref: 00419E70
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Found tail marker, xrefs: 00403597
                                                                                                                                                                                                      • Tail, xrefs: 004035AE
                                                                                                                                                                                                      • [Extractor] ************************* Failed to extract wrapper tail - couldn't open file %s, xrefs: 00403548
                                                                                                                                                                                                      • Could not find marker: %s, xrefs: 004035B3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$__fsopen_doexit_fgetc_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Could not find marker: %s$Tail$[Extractor] ************************* Failed to extract wrapper tail - couldn't open file %s$[Extractor] Found tail marker
                                                                                                                                                                                                      • API String ID: 3025799915-1620157254
                                                                                                                                                                                                      • Opcode ID: 52db9905616dbc1bd1617ed3d38ba6ec99bb8e6c4093fbf8a95c83dcaa47e1c8
                                                                                                                                                                                                      • Instruction ID: ecee06b21a26361ed58a3c5fe5a576a9e5c29fa1de8d41d1a9cbf654dc684db6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52db9905616dbc1bd1617ed3d38ba6ec99bb8e6c4093fbf8a95c83dcaa47e1c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C01FE726442447AEB146E66DC439AEBB68C740B75F30013FF500761D1EA7C9E81525D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __time64.LIBCMT ref: 00401D10
                                                                                                                                                                                                        • Part of subcall function 0041BE64: GetSystemTimeAsFileTime.KERNEL32(h[@,?,?,?,00405B68,?), ref: 0041BE6D
                                                                                                                                                                                                        • Part of subcall function 0041BE64: __aulldiv.LIBCMT ref: 0041BE8D
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                        • Part of subcall function 0040107C: __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 00401D4F
                                                                                                                                                                                                        • Part of subcall function 004011A6: __findnext64i32.LIBCMT ref: 004011C7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time_malloc_strlen$FileSystem__aulldiv__findfirst64i32__findnext64i32__time64_sprintf_strcat
                                                                                                                                                                                                      • String ID: %ld-%ld$-app$JWrapperTemp-
                                                                                                                                                                                                      • API String ID: 1332852365-140441354
                                                                                                                                                                                                      • Opcode ID: 30e624c37b2fe50d248f38403c312c2a672b869dd97e75837a0a24e2cdf2a59a
                                                                                                                                                                                                      • Instruction ID: 781c7c9ca4fcf6d9a4f1e428311150ebbda958e3d04aa93a775c59b65f594055
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30e624c37b2fe50d248f38403c312c2a672b869dd97e75837a0a24e2cdf2a59a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94014871A012086BDB10AFBA8D41B9EB7B9AF48704F60002FF504B3192DA3D99158B5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 0041F954: __mtinitlocknum.LIBCMT ref: 0041F968
                                                                                                                                                                                                        • Part of subcall function 0041F954: __amsg_exit.LIBCMT ref: 0041F974
                                                                                                                                                                                                        • Part of subcall function 0041F954: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041C8EB,?,00418F33,00000001,00000000,00445DE0,0000000C,0040A1AA,+%-8llu ,00000000,?), ref: 0041F97C
                                                                                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2714421763-0
                                                                                                                                                                                                      • Opcode ID: 5c689ad5e028aeb5446f78eb7f58bb6f35b17880c1a7c741760812bb6b6667eb
                                                                                                                                                                                                      • Instruction ID: 6475a5d70d078aaac0eefbc237a032a80cee3bdf9bf669f381308547b33e00ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c689ad5e028aeb5446f78eb7f58bb6f35b17880c1a7c741760812bb6b6667eb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E018471901315BADF207BB2AC097DB3B649F10724F64411FF414A61C1CE3C98C58A9C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 00406AA0
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 00406AB9
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406AD4
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406ADE
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00000020,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s),00000000), ref: 00406AE7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent_calloc$CriticalInitializeSection__calloc_impl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4034876201-0
                                                                                                                                                                                                      • Opcode ID: 1d8fd070967c19159aa20319a370fba4fb9bdd911811e7e0b8cd13c60912b0f8
                                                                                                                                                                                                      • Instruction ID: 065ce8fbd65a15ccc43fce244b7fadd0bd648ed5c3ccc0fa3635c0ef2ecfdf6e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d8fd070967c19159aa20319a370fba4fb9bdd911811e7e0b8cd13c60912b0f8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EFF0B671540740ABD7309F6B8C89E87FBF8EF95B60B004A1EB1A9C2691D6B4A544CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0041BF1B
                                                                                                                                                                                                        • Part of subcall function 00421596: TlsGetValue.KERNEL32(004216D9,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?), ref: 0042159C
                                                                                                                                                                                                        • Part of subcall function 00421596: __decode_pointer.LIBCMT ref: 004215AC
                                                                                                                                                                                                        • Part of subcall function 00421596: TlsSetValue.KERNEL32(00000000,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 004215B9
                                                                                                                                                                                                        • Part of subcall function 0042157B: TlsGetValue.KERNEL32(?,0041BF2B,00000000), ref: 00421585
                                                                                                                                                                                                      • __freefls@4.LIBCMT ref: 0041BF71
                                                                                                                                                                                                        • Part of subcall function 004215C0: __decode_pointer.LIBCMT ref: 004215CE
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 0041BF43
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0041BF4A
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0041BF50
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3011376767-0
                                                                                                                                                                                                      • Opcode ID: 5106e8ab914942f97e175f2f769f97df82c8d0e3d0a6f1854a2f2fd0085b198c
                                                                                                                                                                                                      • Instruction ID: 3d52107283c50f5a4f50497d0ede16ac0b698f012b1a5b57e739b4baeccdd56a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5106e8ab914942f97e175f2f769f97df82c8d0e3d0a6f1854a2f2fd0085b198c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C018F74601311AFD714AB62ED0969A77A49F98358B5084AEB409C3231DB3CC8C3CB9D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004011ED: GetVersion.KERNEL32(00405FDD,004036C3), ref: 004011ED
                                                                                                                                                                                                      • PostThreadMessageA.USER32(00000012,00000000,00000000,0040600A), ref: 0040792C
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00002328), ref: 0040793D
                                                                                                                                                                                                      • TerminateThread.KERNEL32(000008AE), ref: 00407955
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00407968
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00407970
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleThread$MessageObjectPostSingleTerminateVersionWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3542093469-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                        • Part of subcall function 0040107C: __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 00401DCE
                                                                                                                                                                                                        • Part of subcall function 004011A6: __findnext64i32.LIBCMT ref: 004011C7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc_strlen$__findfirst64i32__findnext64i32_sprintf_strcat
                                                                                                                                                                                                      • String ID: %lu-%ld$JWLaunchProperties-$unrestricted
                                                                                                                                                                                                      • API String ID: 2811896154-3442470606
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • _fgetc.LIBCMT ref: 004034DA
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 00419E68: _doexit.LIBCMT ref: 00419E70
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Could not find marker: %s, xrefs: 00403520
                                                                                                                                                                                                      • Params, xrefs: 0040351B
                                                                                                                                                                                                      • [Extractor] *********************** Failed to extract wrapper params - couldn't open file %s, xrefs: 004034C3
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$__fsopen_doexit_fgetc_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Could not find marker: %s$Params$[Extractor] *********************** Failed to extract wrapper params - couldn't open file %s
                                                                                                                                                                                                      • API String ID: 3025799915-2861639549
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 0040305F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Authorised to override the splash image., xrefs: 0040300C
                                                                                                                                                                                                      • [Extractor] DynamicSplash is %d, size is %d, xrefs: 00403023
                                                                                                                                                                                                      • [Extractor] Overwriting splash image at %s, xrefs: 0040303D
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$__fsopen_fprintf_fwrite_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Extractor] Authorised to override the splash image.$[Extractor] DynamicSplash is %d, size is %d$[Extractor] Overwriting splash image at %s
                                                                                                                                                                                                      • API String ID: 1581798162-2343250271
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00406055,?,00404DFA), ref: 004078A3
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00001388), ref: 004078D8
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • PostThreadMessageA.USER32(00000006,00000002,00000000,00000000), ref: 004078FC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Error starting SplashThread, xrefs: 004078E5
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$CreateEventMessageObjectPostSingleThreadWait_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Error starting SplashThread
                                                                                                                                                                                                      • API String ID: 3484307115-1334109510
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040858C
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AA0
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AB9
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406AD4
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406ADE
                                                                                                                                                                                                        • Part of subcall function 00406A95: InitializeCriticalSection.KERNEL32(00000020,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s),00000000), ref: 00406AE7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004085A7
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00008247,00000000,00000000,00000000), ref: 004085D3
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,0040827C,00000000,00000000,00000000), ref: 004085E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create$_calloc$EventThread$AllocateCriticalHeapInitializeSection__calloc_impl_malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 152577594-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040835D
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • __fread_nolock.LIBCMT ref: 00408372
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Streamer] [FileReader] Starting..., xrefs: 00408342
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$__calloc_impl__fread_nolock_calloc_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Streamer] [FileReader] Starting...
                                                                                                                                                                                                      • API String ID: 3312375738-559953310
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowLongA.USER32(?,000000EB), ref: 00407C7C
                                                                                                                                                                                                      • DefWindowProcA.USER32(?,0000000F,?,?), ref: 00407C96
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$LongProc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2275667008-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(?,00000000,0041E6F2,?,?,00409A2F,00000000,00000006,[Utils] Checking if %s exists,00001388,00409F39,00000000,Shared dir detected is %s,00000000), ref: 0041E699
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0041E6A4
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0041E6AB
                                                                                                                                                                                                        • Part of subcall function 0041925C: __getptd_noexit.LIBCMT ref: 0041925C
                                                                                                                                                                                                        • Part of subcall function 00419249: __getptd_noexit.LIBCMT ref: 00419249
                                                                                                                                                                                                        • Part of subcall function 0042147F: __decode_pointer.LIBCMT ref: 00421488
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __getptd_noexit$AttributesErrorFileLast__decode_pointer__dosmaperr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 597900879-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00004000,00000000,00000109,00004000,00000109,00429EC1,00000109,00000000,00000000), ref: 004276E1
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 004276EE
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 004276FD
                                                                                                                                                                                                        • Part of subcall function 00419249: __getptd_noexit.LIBCMT ref: 00419249

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                        • Part of subcall function 0040107C: __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00408B94,?), ref: 0041E6FF
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0041E709
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0041E718

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MoveFileA.KERNEL32(?,?), ref: 00419AC7
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00001388,004048A2,[Extractor] Renaming GU folder to %s,?), ref: 00419AD1
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00419AE0

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DeleteFileA.KERNEL32(?,00408ED3,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041A23A
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041A244
                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 0041A253

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0040560F
                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00405619
                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00405623

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 0041BEBE
                                                                                                                                                                                                      • __freeptd.LIBCMT ref: 0041BEC8
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 0041BED2
                                                                                                                                                                                                        • Part of subcall function 00422DE2: __FindPESection.LIBCMT ref: 00422E09
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExitFindSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3889676945-0
                                                                                                                                                                                                      • Opcode ID: bd6341ff6726e6bfc7aa00bd61cdfaee5a7bea88e7588ee388f6043529b3e26a
                                                                                                                                                                                                      • Instruction ID: 6a884adc8bd24c1e7c8ac4113b09b237221a5ae7f9936d22471131d7984051d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd6341ff6726e6bfc7aa00bd61cdfaee5a7bea88e7588ee388f6043529b3e26a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5D067702023146AE6552772AE0E79A66959F10316F64552AB501811B1DB7C8841DB5E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ***********************************************************************, xrefs: 004011A7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __findnext64i32
                                                                                                                                                                                                      • String ID: ***********************************************************************
                                                                                                                                                                                                      • API String ID: 3558003376-1991258698
                                                                                                                                                                                                      • Opcode ID: 41804e5b372d20012fd413f6caf91b407c690f7a07b2ec7b1fdf98c8729ae762
                                                                                                                                                                                                      • Instruction ID: 655e14468b7cf297d6a5f005976d057acedbf8d0086d2a0567cf4b9b112279e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41804e5b372d20012fd413f6caf91b407c690f7a07b2ec7b1fdf98c8729ae762
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EFF0E57A2002104FD3284EEAA8D059673D4AF4A334B250B3FE661AF2E0D7741C81C398
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 0041A738
                                                                                                                                                                                                      • __fread_nolock_s.LIBCMT ref: 0041A771
                                                                                                                                                                                                        • Part of subcall function 00419249: __getptd_noexit.LIBCMT ref: 00419249
                                                                                                                                                                                                        • Part of subcall function 0042147F: __decode_pointer.LIBCMT ref: 00421488
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __decode_pointer__fread_nolock_s__getptd_noexit_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1238173367-0
                                                                                                                                                                                                      • Opcode ID: 65f2bfaa699c59edee09ef757f1b539d45e4c4cb578db367ed265e6ba04666fe
                                                                                                                                                                                                      • Instruction ID: 994475eface2fd970405ad6945d58a85de26d8f874e519e1929c52bb024e8f87
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65f2bfaa699c59edee09ef757f1b539d45e4c4cb578db367ed265e6ba04666fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3011A230A02115ABCB216E758C454DF3A62AF50764B148A16F434861D2D739CEF1CACA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,0041EAEB,00000001), ref: 0041F795
                                                                                                                                                                                                      • HeapDestroy.KERNEL32 ref: 0041F7CB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3296620671-0
                                                                                                                                                                                                      • Opcode ID: d38a03498169f523d5b2034d875314bbd8c155cd30e2bed75edb3f02edc204bf
                                                                                                                                                                                                      • Instruction ID: 224658fd8996ad65ada6d53725a0aff9d3c8d8841ac3059e4f603ffcc36190d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d38a03498169f523d5b2034d875314bbd8c155cd30e2bed75edb3f02edc204bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE06D746503019AEB406F32AD0536676D8FB41B87F44483BF812C92E0EB68C58B9A4C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AA0
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AB9
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406AD4
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406ADE
                                                                                                                                                                                                        • Part of subcall function 00406A95: InitializeCriticalSection.KERNEL32(00000020,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s),00000000), ref: 00406AE7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040848F
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00008336,00000000,00000000,00000000), ref: 004084AC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create_calloc$Event$CriticalInitializeSectionThread__calloc_impl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 54869379-0
                                                                                                                                                                                                      • Opcode ID: 13ebaa0808c85869f936be09391f780ae83cbd7e611f3fc5dce0d7f00cd0cfd2
                                                                                                                                                                                                      • Instruction ID: d544b2b4dffbe7acf1cb89a12da8d267adb6f5984f3559d6670f7c015f0894e1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13ebaa0808c85869f936be09391f780ae83cbd7e611f3fc5dce0d7f00cd0cfd2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DEE0C2B07403117FF61DAF249C0FF672A18CB00B54F01416DB609AF2D2EAF56C4086A8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0042174D: __getptd_noexit.LIBCMT ref: 0042174E
                                                                                                                                                                                                        • Part of subcall function 0042174D: __amsg_exit.LIBCMT ref: 0042175B
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00445F48,0000000C,0041BF99,?,00000000), ref: 0041BEF1
                                                                                                                                                                                                        • Part of subcall function 0041BEA0: __getptd_noexit.LIBCMT ref: 0041BEBE
                                                                                                                                                                                                        • Part of subcall function 0041BEA0: __freeptd.LIBCMT ref: 0041BEC8
                                                                                                                                                                                                        • Part of subcall function 0041BEA0: ExitThread.KERNEL32 ref: 0041BED2
                                                                                                                                                                                                      • __XcptFilter.LIBCMT ref: 0041BF06
                                                                                                                                                                                                        • Part of subcall function 00422E99: __getptd_noexit.LIBCMT ref: 00422E9F
                                                                                                                                                                                                        • Part of subcall function 00422E99: UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,0041BF0B,?,?,00000000), ref: 00422EAD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __getptd_noexit$Filter$CallbackDispatcherExceptionExitThreadUnhandledUserXcpt__amsg_exit__freeptd
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2291037783-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___getgmtimebuf.LIBCMT ref: 0041B9C5
                                                                                                                                                                                                        • Part of subcall function 00425B52: __getptd_noexit.LIBCMT ref: 00425B54
                                                                                                                                                                                                      • __localtime64_s.LIBCMT ref: 0041B9D7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ___getgmtimebuf__getptd_noexit__localtime64_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3085840424-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __lock.LIBCMT ref: 004255FC
                                                                                                                                                                                                        • Part of subcall function 0041F954: __mtinitlocknum.LIBCMT ref: 0041F968
                                                                                                                                                                                                        • Part of subcall function 0041F954: __amsg_exit.LIBCMT ref: 0041F974
                                                                                                                                                                                                        • Part of subcall function 0041F954: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041C8EB,?,00418F33,00000001,00000000,00445DE0,0000000C,0040A1AA,+%-8llu ,00000000,?), ref: 0041F97C
                                                                                                                                                                                                      • __tzset_nolock.LIBCMT ref: 0042560D
                                                                                                                                                                                                        • Part of subcall function 00424F02: __lock.LIBCMT ref: 00424F24
                                                                                                                                                                                                        • Part of subcall function 00424F02: __invoke_watson.LIBCMT ref: 00424F48
                                                                                                                                                                                                        • Part of subcall function 00424F02: __invoke_watson.LIBCMT ref: 00424F63
                                                                                                                                                                                                        • Part of subcall function 00424F02: __invoke_watson.LIBCMT ref: 00424F7E
                                                                                                                                                                                                        • Part of subcall function 00424F02: ____lc_codepage_func.LIBCMT ref: 00424F86
                                                                                                                                                                                                        • Part of subcall function 00424F02: _strlen.LIBCMT ref: 00424FE6
                                                                                                                                                                                                        • Part of subcall function 00424F02: __malloc_crt.LIBCMT ref: 00424FED
                                                                                                                                                                                                        • Part of subcall function 00424F02: _strlen.LIBCMT ref: 00425003
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __invoke_watson$__lock_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__malloc_crt__mtinitlocknum__tzset_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4249203040-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _realloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1750794848-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: 6999f3c6ce99fe579f713066869eeeded2145ba158b147a5a18f64a286e03077
                                                                                                                                                                                                      • Instruction ID: b250cb4e82a2d594430a0fcf7ebf6cb735d07c356712d16bb60e37dd3ccc4445
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6999f3c6ce99fe579f713066869eeeded2145ba158b147a5a18f64a286e03077
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACB012F12AD2017C790C92152C02D77023CC1C0F14330C02FB400C5081D84C9C46203F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: ca660be41b0cf673ee8f8e3b288b33aabffe9b65d740df1aaec8da820d4baee2
                                                                                                                                                                                                      • Instruction ID: 3737b65b973fec8bdf5dfab1b11587e5332e1b0c114775cf5916888ab45d8bda
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca660be41b0cf673ee8f8e3b288b33aabffe9b65d740df1aaec8da820d4baee2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72B012E22AC2116C754CA2055C03D77012CC1C0F11330C42FB000C50C1D84C9C46603F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: 6f2c8d275ca0f67a52774670d146309c5a34db27edd470dd69d83cb5c6b6bb6c
                                                                                                                                                                                                      • Instruction ID: e167b38a25592ee832bd99aadd25b45da7c641596e7625368e44a9de8aa1d319
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f2c8d275ca0f67a52774670d146309c5a34db27edd470dd69d83cb5c6b6bb6c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81B012E22AC2016C760C92059D03D77012CC1C0F11330C02FB000C5081D84C9C47203F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: 6189388ab8999aa19b0bcbf1adcb9333f03d50029f390c25170e77f3e43cee67
                                                                                                                                                                                                      • Instruction ID: 1ad8595bdff14021382c89d6bf555a9e99c84dac1da5c8a9a599eba58cc2e6b7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6189388ab8999aa19b0bcbf1adcb9333f03d50029f390c25170e77f3e43cee67
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0B012E26AC3016C750CD2051C03DB7012CC5C0F11330C13FB000C5081D84C9C86203F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: c4c281abf59a80e8e2b056dfd1ff9530080643f1096cc55fa426b9336fcb84fc
                                                                                                                                                                                                      • Instruction ID: 8c64161fcf29fad5004482d8e6d63a5c55865927929db0a912d66de74a8746d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4c281abf59a80e8e2b056dfd1ff9530080643f1096cc55fa426b9336fcb84fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AB012F12AC2017C754C92056C02D77012CC1C0F18330C02FB000C5081D84C9C46A03F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: 1c5fe0e4e1c185ba13483035bb85d92094092fb635899cdeef52800bd7e19a48
                                                                                                                                                                                                      • Instruction ID: 60c4c02e7010768b06d308db99a55dffa830f63efea859b2df11d0a319139a86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c5fe0e4e1c185ba13483035bb85d92094092fb635899cdeef52800bd7e19a48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B012F12AC2017C760C92056D02D77012CC1C0F14330C02FB000C5082E84C9C47203F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      • Opcode ID: 10e4db22c1f8e2b120a9f09477af4e07ecf423bfa1885ac46b436dbf3f60f1b7
                                                                                                                                                                                                      • Instruction ID: b37c3aa6fba284b44efacd1dc17970a6738fc95e5d7ef55dcc5604a1a6f60862
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10e4db22c1f8e2b120a9f09477af4e07ecf423bfa1885ac46b436dbf3f60f1b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8B012F12AC3017C750C92056C02DB7012CC5C0F14330C13FB000C5081D84C9C86203F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,0040117C,00000000,00000000,0040A028,00000000,00408B94,?), ref: 00419556
                                                                                                                                                                                                        • Part of subcall function 00419249: __getptd_noexit.LIBCMT ref: 00419249
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseFind__getptd_noexit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1671237007-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___delayLoadHelper2@8.DELAYIMP ref: 0040A7D6
                                                                                                                                                                                                        • Part of subcall function 00418B00: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00418B77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 123106877-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SendMessageA.USER32(?,0000000F,00000000,00000000), ref: 0040790E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                      • Opcode ID: def3a53dd736515ad0e1087ccd9e67a3c832d26b1f6e4ef0c9a1b3e93d2d8d3f
                                                                                                                                                                                                      • Instruction ID: 708e5946349aaa2f2ab9eb6cf0cc377edafeaaa64d34d7b2bf1f15531840121e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: def3a53dd736515ad0e1087ccd9e67a3c832d26b1f6e4ef0c9a1b3e93d2d8d3f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87B012302C030167E5308B008C06F0676106740B00F2018247251680F547E01010E508
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fsopen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3646066109-0
                                                                                                                                                                                                      • Opcode ID: 53142091a7d43386afab4fa77b39c11c58a1ee2d9bff5bda387d034ec5f6495f
                                                                                                                                                                                                      • Instruction ID: e61a64e133f562ed026f9e277b511abbab63073344de197aad54537584aa727b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53142091a7d43386afab4fa77b39c11c58a1ee2d9bff5bda387d034ec5f6495f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7B0127940D200BECA011601BC02B0977616B80724F84C458BB5C10161923F8134A60B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: bf684569be71330b0052dad8d59e09e7489aa940730dee259695698e73e19f25
                                                                                                                                                                                                      • Instruction ID: 99f39b9fa9ac27fad346caae905db4abec164f013c731764b30615d8e1c22c90
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf684569be71330b0052dad8d59e09e7489aa940730dee259695698e73e19f25
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68A19B71A04241DFDB09DF14C894BAAB7B2FF49318F0891ADD91A4FB81C774B864CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5936fcd17bc53a290a77420bc769d8067052047ec53c5a5e241b724915bb039a
                                                                                                                                                                                                      • Instruction ID: 395618bfb382a6c49e200c47b7a9d08e37746d0fadf114c1cc0e5c79ab299047
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5936fcd17bc53a290a77420bc769d8067052047ec53c5a5e241b724915bb039a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E619871604601DFEB18CF24C894BA9B7B2FF48718F14919DE95A4FB81D774B860CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ed6ae8f39e502593823467b895b3d2184a8b712f43b9df1f6f77f2555ac53582
                                                                                                                                                                                                      • Instruction ID: e7cd9e89b1ec24d07153722317c01e5d77f9ab96be707ef219ae5673d37e277e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed6ae8f39e502593823467b895b3d2184a8b712f43b9df1f6f77f2555ac53582
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A5189B1A04601DFDB18CF24C894BA9B7B2FF48318F08919DD85A4FB81D774B864CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b99e0dfca0481bb9f2c9b7230499340f5e8453ad29421014f4a01fbdfdb2fac3
                                                                                                                                                                                                      • Instruction ID: c603baeb1bd68073f1bd3d51bb942971ba97126900604691f7f8c1b680e3d09f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b99e0dfca0481bb9f2c9b7230499340f5e8453ad29421014f4a01fbdfdb2fac3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB1137B6D0122A9FCF18CF58C5815ADB7B1FB58314B56912ADC69AB342D334BE31CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0318030bdee39fcc82c8cd677839b9dd13489161e1548ad47c8beecd91864b4c
                                                                                                                                                                                                      • Instruction ID: cd61617a04e15e59af4aa454e3d3c35ed31cc45d656bcb16a713556899b166dd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0318030bdee39fcc82c8cd677839b9dd13489161e1548ad47c8beecd91864b4c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5501D17460C366CBD760CF58C0802AA7BB2EB84304F19C1AEC5900B787C6397816CBA2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3c985071a02e1730293418672ca33efe22147a774503836f2d93c8d8c44faf59
                                                                                                                                                                                                      • Instruction ID: 33d6e8ba834184d351f3788907e836e28656ad6e29566162befb7596bb79bfa1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c985071a02e1730293418672ca33efe22147a774503836f2d93c8d8c44faf59
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8014B7460C766CFDB24CF44C4905BE7BB2EB85304F1985AEC5915B787C2387941DBA2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F092B5900A06AFDB84CF60C0547DAFBB4BB44714F14825AC52867740DB787569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0860ae0422b36f13336f2dac3bf27a73e4a50e0766e2c07059b980932af5e15a
                                                                                                                                                                                                      • Instruction ID: d2163538a3106f67791d56963ab5748904dd5fd9f9f7b54d3e221943f3ac0047
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0860ae0422b36f13336f2dac3bf27a73e4a50e0766e2c07059b980932af5e15a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17F092B5900A06AFDB85CF60C0547DAFBB4BB44724F14821AC42867340DB787569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7a1aca7df033b1aa2f1e21cd995dde23c57ae1b66e375e317f34694563b1082b
                                                                                                                                                                                                      • Instruction ID: c9f4c32e3b6d83e5ed95466020ea6c103a489dafc0aa2e209c9a1462b8004490
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a1aca7df033b1aa2f1e21cd995dde23c57ae1b66e375e317f34694563b1082b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28F092B5A00A06AFDB44CF60C0547DAFBB4BB44718F14821AC42867740DB7875A9CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7a1aca7df033b1aa2f1e21cd995dde23c57ae1b66e375e317f34694563b1082b
                                                                                                                                                                                                      • Instruction ID: c9f4c32e3b6d83e5ed95466020ea6c103a489dafc0aa2e209c9a1462b8004490
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a1aca7df033b1aa2f1e21cd995dde23c57ae1b66e375e317f34694563b1082b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28F092B5A00A06AFDB44CF60C0547DAFBB4BB44718F14821AC42867740DB7875A9CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d13a919e3a6210ef308f74910b681a44852aa99be5fe4396ec0bd2d0ebac3b8e
                                                                                                                                                                                                      • Instruction ID: a969e0b766ad6b6c24a4a10f4bc1bb766d0b3bd53b9f677ad7addf482a3fbb26
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d13a919e3a6210ef308f74910b681a44852aa99be5fe4396ec0bd2d0ebac3b8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF0CAB6D00A06AFCB04CF60C0047DAFBB4BB88718F14821AC42867700DB78B5A9CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d332e5ded22d1290b40f5f2a7cdb03fb535a69b4289c01da2828a74c5d57d516
                                                                                                                                                                                                      • Instruction ID: 0ef6c0f8f9f0c4c7d831ad0f91f829d8e5d9da039d22cbba948694659deb6cbb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d332e5ded22d1290b40f5f2a7cdb03fb535a69b4289c01da2828a74c5d57d516
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44F0CAB6D00A06AFCB04CF60C0147DAFBB4BB48718F14821AC42867700DB78B5A9CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fdf696460b66777242517fd4ce6b7fe0ba5e1d96e7c1e0c05e690f25d44181e2
                                                                                                                                                                                                      • Instruction ID: 613fc449e3ae66b5c385afee5d52f3705a07de71136d95fc6f7c55975b9d7b43
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdf696460b66777242517fd4ce6b7fe0ba5e1d96e7c1e0c05e690f25d44181e2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05F0CAB6D00A06AFCB04CF60C0047DAFBB4BB48B18F14821AC42867300EBB8B569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4eb9b5d791f8a6cd6fbcecff4883e597f2a17d012c883e848a6b2680ba0e1e55
                                                                                                                                                                                                      • Instruction ID: 7b4f02acb07b8e6f3745711d370be0311be4e761f5e0a280ac85a8cb2ca71e0d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4eb9b5d791f8a6cd6fbcecff4883e597f2a17d012c883e848a6b2680ba0e1e55
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68F0CAB6D00A06AFCB04CF60C0047DAFBB4BB48B18F14821AC42867300EB78B569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 64283e11355eeea277347ca74bdd35878ce0053e86408940f710d01ea60dabba
                                                                                                                                                                                                      • Instruction ID: f0304bae97373bab3794f33ceb71424b4a5d71a2eff1b1abffac7f9257d4fdae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64283e11355eeea277347ca74bdd35878ce0053e86408940f710d01ea60dabba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42F0CAB6D00A06AFDB04CF60C0047DAFBB4BB48728F15821AC42867300DB78B569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d332e5ded22d1290b40f5f2a7cdb03fb535a69b4289c01da2828a74c5d57d516
                                                                                                                                                                                                      • Instruction ID: 0ef6c0f8f9f0c4c7d831ad0f91f829d8e5d9da039d22cbba948694659deb6cbb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d332e5ded22d1290b40f5f2a7cdb03fb535a69b4289c01da2828a74c5d57d516
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44F0CAB6D00A06AFCB04CF60C0147DAFBB4BB48718F14821AC42867700DB78B5A9CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fbe518c957e8db1a87a899e7874ea9c7f901e37092df61a73e2d0419e3a511ea
                                                                                                                                                                                                      • Instruction ID: a080dd9b53fa3fb253f9c602de76bb809de0a42b08ba35637b3aa98e700cf21f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbe518c957e8db1a87a899e7874ea9c7f901e37092df61a73e2d0419e3a511ea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1F0CAB6D00A06AFDB04CF60C0047DAFBB4BB48728F54821AC42867300DB78B569CFD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004EA2000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EA2000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4ea2000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a22eff3b9351972e98231c8a60d68bbc8a5bffe26bcd7f422e93b5b88a05580d
                                                                                                                                                                                                      • Instruction ID: 4e9a63f194d32a4dadb6875a4df5a4c0b974b7bc737aeee8cddbdf1034ea8313
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a22eff3b9351972e98231c8a60d68bbc8a5bffe26bcd7f422e93b5b88a05580d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CF0CAB6D00A06AFDB04CF60C0143DAFBB0BB88B18F14821AC42867300DB78B969CFC0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00409D27
                                                                                                                                                                                                      • GetUserNameA.ADVAPI32(?,?), ref: 00409D48
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409D52
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00409D9F
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 00409DB4
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409DC2
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409DDD
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409DEC
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$Timetime$NameUser_fprintf_getenv_malloc_memset_printf_sprintf_vfprintf
                                                                                                                                                                                                      • String ID: ALLUSERSPROFILE$JWUser-$[%d] %d %d$d
                                                                                                                                                                                                      • API String ID: 648532958-3485044302
                                                                                                                                                                                                      • Opcode ID: 4030011f3cabf36c855e4ecf0c33dbaff38c164865047cdffb6ab7e505ebc55d
                                                                                                                                                                                                      • Instruction ID: 99ff57dbbdd31ff212464e6a1fdd16460e00666e93e7a641bae7db39ecad583d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4030011f3cabf36c855e4ecf0c33dbaff38c164865047cdffb6ab7e505ebc55d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A231A8729402586ADB20FAA59C42BEF776CAF45304F50007FF544B7183DA784E4587AD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0041F6DE
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041F6F3
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0043E1B4), ref: 0041F6FE
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 0041F71A
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 0041F721
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                                                                                      • Opcode ID: 9e1fb38fd3a19ed41d125d6b204f83fb92db40c5ab459d01bf4cbb558ead8f6d
                                                                                                                                                                                                      • Instruction ID: 6477aab08b6139914a8f0683dab7d801c8f4d83647bf4e144754b668f9be8c7d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e1fb38fd3a19ed41d125d6b204f83fb92db40c5ab459d01bf4cbb558ead8f6d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F2103B8500314DFD710DF29FC456497BB4FB1A306F50903AE929837A1EBB499858F9D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\ecc\ltc_ecc_mulmod.c$G != NULL$R != NULL$k != NULL$modulus != NULL
                                                                                                                                                                                                      • API String ID: 1988439158-3101590508
                                                                                                                                                                                                      • Opcode ID: 9bb15132c1f81f9e2563456cf81382d1a2d2811922428a40a7825a6ca1d1b23c
                                                                                                                                                                                                      • Instruction ID: 4d4dfe69683bdb22cc6c714312dd32420046a2df30e59a8a87c745401a5dac89
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bb15132c1f81f9e2563456cf81382d1a2d2811922428a40a7825a6ca1d1b23c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53F1E1B69083109BC320DB54EC84A6BB7E8EB88755F04492DFD4587311E779ED84CBEA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: T
                                                                                                                                                                                                      • API String ID: 0-3660834258
                                                                                                                                                                                                      • Opcode ID: e6a3ee3763d8904190765e92d075bf75ac70bee979b2c58f830e125182d43ccd
                                                                                                                                                                                                      • Instruction ID: 580fe0ae47c89ac7ab7bb490364862c7bbc0ce4dd702a2bc9227b0fac833f812
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6a3ee3763d8904190765e92d075bf75ac70bee979b2c58f830e125182d43ccd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53E19271A00618DBDB20DFA5E841BEBB7F4EB48314F90057FE84A97341D739A989CB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004F43000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F43000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f43000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1579825452-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2626548845.0000000004F43000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F43000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4f43000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • --simplehelp-downloadtest, xrefs: 0040733A
                                                                                                                                                                                                      • [Extractor] Processed public key of length %d, xrefs: 00407202
                                                                                                                                                                                                      • ERROR - unable to import public key., xrefs: 00407248
                                                                                                                                                                                                      • 30820222300D06092A864886F70D01010105000382020F003082020A0282020100809117AD80272B656E1933627989FC63E4D7781D3DC18CD14BA3557B439DAC2945B118DEE7A7C2F8AD0DAD4F0801110DBB9165CA9834B48813C760A9D96A7F4A4B845B8AE157787C8B34C57EAA2E78EB02D8D31AE4E958D2F2CCD72AED2D77D76A, xrefs: 004071C9, 004071CE, 004071F6, 00407210
                                                                                                                                                                                                      • C:\TEMP, xrefs: 00407290
                                                                                                                                                                                                      • test.p2.l2, xrefs: 004071BF
                                                                                                                                                                                                      • [DEBUG] Downloading %s, xrefs: 0040730A
                                                                                                                                                                                                      • ProxyBypassList: %s, xrefs: 00407165
                                                                                                                                                                                                      • Working proxy list is NULL, xrefs: 00407374
                                                                                                                                                                                                      • Proxy list was empty!, xrefs: 00407152, 00407392
                                                                                                                                                                                                      • [Extractor] Hex: %s, xrefs: 00407211
                                                                                                                                                                                                      • Proxy bypass list was empty!, xrefs: 00407172
                                                                                                                                                                                                      • C:\Users\simplehelp\AppData\Local\Temp, xrefs: 00407314
                                                                                                                                                                                                      • ProxyList: %s, xrefs: 00407145, 00407385
                                                                                                                                                                                                      • --simplehelp-extracttest, xrefs: 004071A3
                                                                                                                                                                                                      • --mkdir, xrefs: 00407186
                                                                                                                                                                                                      • --simplehelp-downloadtest2, xrefs: 004072F3
                                                                                                                                                                                                      • deleteme.tmp, xrefs: 0040735E
                                                                                                                                                                                                      • --simplehelp-proxytest, xrefs: 00407120
                                                                                                                                                                                                      • [DEBUG] Download FALED!, xrefs: 00407330
                                                                                                                                                                                                      • Could not open test.p2.l2, xrefs: 004072E9
                                                                                                                                                                                                      • [DEBUG] Download worked!, xrefs: 00407326
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf$_malloc$ObjectSingleWait_memset_strlen
                                                                                                                                                                                                      • String ID: --mkdir$--simplehelp-downloadtest$--simplehelp-downloadtest2$--simplehelp-extracttest$--simplehelp-proxytest$30820222300D06092A864886F70D01010105000382020F003082020A0282020100809117AD80272B656E1933627989FC63E4D7781D3DC18CD14BA3557B439DAC2945B118DEE7A7C2F8AD0DAD4F0801110DBB9165CA9834B48813C760A9D96A7F4A4B845B8AE157787C8B34C57EAA2E78EB02D8D31AE4E958D2F2CCD72AED2D77D76A$C:\TEMP$C:\Users\simplehelp\AppData\Local\Temp$Could not open test.p2.l2$ERROR - unable to import public key.$Proxy bypass list was empty!$Proxy list was empty!$ProxyBypassList: %s$ProxyList: %s$Working proxy list is NULL$[DEBUG] Download FALED!$[DEBUG] Download worked!$[DEBUG] Downloading %s$[Extractor] Hex: %s$[Extractor] Processed public key of length %d$deleteme.tmp$test.p2.l2
                                                                                                                                                                                                      • API String ID: 1415652386-1236533646
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __itoa.LIBCMT ref: 004030E9
                                                                                                                                                                                                        • Part of subcall function 00419BC4: _xtoa@16.LIBCMT ref: 00419BE2
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 0040310D
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00403181
                                                                                                                                                                                                        • Part of subcall function 00401EF7: _malloc.LIBCMT ref: 00401F6C
                                                                                                                                                                                                        • Part of subcall function 00401EF7: _malloc.LIBCMT ref: 00401F80
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [JRESearch] JRE copied to %s OK, xrefs: 0040336C
                                                                                                                                                                                                      • java.exe, xrefs: 004031A4
                                                                                                                                                                                                      • [JRESearch] JRE failed compatibility test, xrefs: 004032F8
                                                                                                                                                                                                      • [JRESearch] JRE does not exist or does not have unpack200, xrefs: 004032FF
                                                                                                                                                                                                      • jre, xrefs: 00403142
                                                                                                                                                                                                      • PROGRAMFILES, xrefs: 00403101
                                                                                                                                                                                                      • [JRESearch] JRE binary does NOT exist, xrefs: 004031D8
                                                                                                                                                                                                      • [JRESearch] JRE binary exists, xrefs: 004031D1
                                                                                                                                                                                                      • [JRESearch] JRE up200 does NOT exist, xrefs: 004031F7
                                                                                                                                                                                                      • [JRESearch] JRE is valid, copying..., xrefs: 00403334
                                                                                                                                                                                                      • [JRESearch] Looking at JRE %s, xrefs: 004031B6
                                                                                                                                                                                                      • [JRESearch] JRE unpack200 exists %s, xrefs: 0040329C
                                                                                                                                                                                                      • Java, xrefs: 00403137
                                                                                                                                                                                                      • bin, xrefs: 00403195
                                                                                                                                                                                                      • [JRESearch] JRE version is OK, xrefs: 00403274
                                                                                                                                                                                                      • [JRESearch] JRE version is NOT OK, xrefs: 0040327B
                                                                                                                                                                                                      • [JRESearch] Copied JRE version is %s, xrefs: 0040338B
                                                                                                                                                                                                      • Java_JWAutoTest, xrefs: 00403130
                                                                                                                                                                                                      • [JRESearch] JRE up200 exists, xrefs: 004031F0
                                                                                                                                                                                                      • 00000000000, xrefs: 0040337C
                                                                                                                                                                                                      • [Extractor] Checking JRE version requirements: %s vs required %s, xrefs: 00403220
                                                                                                                                                                                                      • [JRESearch] JRE copy failed, cannot pick up existing JRE, xrefs: 0040339A
                                                                                                                                                                                                      • [JRESearch] ********************* No latest App version even after download!, xrefs: 00403322
                                                                                                                                                                                                      • [Extractor] Versions for JREs could not be detected (%d,%d), xrefs: 00403261
                                                                                                                                                                                                      • [JRESearch] Checking for JRE %d, xrefs: 004030F7
                                                                                                                                                                                                      • JWrapper, xrefs: 004032A6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$Timetime$__itoa_fprintf_getenv_printf_vfprintf_xtoa@16
                                                                                                                                                                                                      • String ID: 00000000000$JWrapper$Java$Java_JWAutoTest$PROGRAMFILES$[Extractor] Checking JRE version requirements: %s vs required %s$[Extractor] Versions for JREs could not be detected (%d,%d)$[JRESearch] ********************* No latest App version even after download!$[JRESearch] Checking for JRE %d$[JRESearch] Copied JRE version is %s$[JRESearch] JRE binary does NOT exist$[JRESearch] JRE binary exists$[JRESearch] JRE copied to %s OK$[JRESearch] JRE copy failed, cannot pick up existing JRE$[JRESearch] JRE does not exist or does not have unpack200$[JRESearch] JRE failed compatibility test$[JRESearch] JRE is valid, copying...$[JRESearch] JRE unpack200 exists %s$[JRESearch] JRE up200 does NOT exist$[JRESearch] JRE up200 exists$[JRESearch] JRE version is NOT OK$[JRESearch] JRE version is OK$[JRESearch] Looking at JRE %s$bin$java.exe$jre
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00409E71
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409E83
                                                                                                                                                                                                      • GetVersionExA.KERNEL32(00000094,00000000,?,00001388), ref: 00409EAB
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00409EC3
                                                                                                                                                                                                        • Part of subcall function 0041BBBB: _strnlen.LIBCMT ref: 0041BBFA
                                                                                                                                                                                                        • Part of subcall function 0041BBBB: __lock.LIBCMT ref: 0041BC0B
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00409EEA
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409EF3
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409F4E
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409F62
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409F7A
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00409F8E
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409FBC
                                                                                                                                                                                                      • GetShortPathNameA.KERNEL32(00000000,00000000,00000400), ref: 00409FCD
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Local AppData directory resolved to %s, xrefs: 00409ECC
                                                                                                                                                                                                      • USERPROFILE, xrefs: 00409EE5
                                                                                                                                                                                                      • Local Settings, xrefs: 00409F05
                                                                                                                                                                                                      • Got short path of %s, xrefs: 00409FD8
                                                                                                                                                                                                      • Checking if %s contains a !, xrefs: 00409F6D
                                                                                                                                                                                                      • Shared directory appears valid., xrefs: 00409F98
                                                                                                                                                                                                      • Checking if string is cAscii %s, xrefs: 00409F41
                                                                                                                                                                                                      • Application Data, xrefs: 00409F12
                                                                                                                                                                                                      • [Extractor] Local AppData directory detected, xrefs: 00409ED9
                                                                                                                                                                                                      • APPDATA, xrefs: 00409E62
                                                                                                                                                                                                      • Trying the short path instead., xrefs: 00409FB1
                                                                                                                                                                                                      • The directory %s appears invalid., xrefs: 00409FA6
                                                                                                                                                                                                      • [Extractor] Roaming AppData directory detected, xrefs: 00409E99
                                                                                                                                                                                                      • Shared dir detected is %s, xrefs: 00409F29
                                                                                                                                                                                                      • Validating directory..., xrefs: 00409F1D
                                                                                                                                                                                                      • LOCALAPPDATA, xrefs: 00409EBE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$_getenv$Time_malloctime$NamePathShortVersion__lock_fprintf_printf_strnlen_vfprintf
                                                                                                                                                                                                      • String ID: APPDATA$Application Data$Checking if %s contains a !$Checking if string is cAscii %s$Got short path of %s$LOCALAPPDATA$Local Settings$Shared dir detected is %s$Shared directory appears valid.$The directory %s appears invalid.$Trying the short path instead.$USERPROFILE$Validating directory...$[Extractor] Local AppData directory detected$[Extractor] Local AppData directory resolved to %s$[Extractor] Roaming AppData directory detected
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32 ref: 00405219
                                                                                                                                                                                                      • LoadCursorA.USER32(00000000,00007F8A), ref: 00405229
                                                                                                                                                                                                      • LoadIconA.USER32 ref: 0040524C
                                                                                                                                                                                                      • RegisterClassA.USER32(?), ref: 0040525B
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007F00), ref: 00405266
                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 004052B3
                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 004052C3
                                                                                                                                                                                                      • GetMonitorInfoA.USER32(00000000,00000028), ref: 004052CF
                                                                                                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00405309
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00405344
                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405361
                                                                                                                                                                                                      • CreateWindowExA.USER32(-00000080,msctls_progress32,?,82000001,00000008,00000008,?,?,?,00000000,?,00000000), ref: 00405399
                                                                                                                                                                                                      • SendMessageA.USER32(00000000,00000401,00000000,00640000), ref: 004053BC
                                                                                                                                                                                                      • SetWindowLongA.USER32(?,000000EB,?), ref: 004053C8
                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 004053D3
                                                                                                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004053E2
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004053EB
                                                                                                                                                                                                      • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405423
                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040542C
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$Message$CursorInfoLoadMonitorTimetime$ClassCommonControlsCreateDestroyErrorEventFromHandleIconInitLastLongModuleParametersPeekPointRegisterSendShowSystem_fprintf_printf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: $($0,D$Unable to create SplashWnd$Unable to register class SplashWnd$msctls_progress32
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041EAFD), ref: 004218F5
                                                                                                                                                                                                      • __mtterm.LIBCMT ref: 00421901
                                                                                                                                                                                                        • Part of subcall function 004215D9: __decode_pointer.LIBCMT ref: 004215EA
                                                                                                                                                                                                        • Part of subcall function 004215D9: TlsFree.KERNEL32(00000007,00421A6E), ref: 00421604
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00421917
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00421924
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00421931
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0042193E
                                                                                                                                                                                                      • TlsAlloc.KERNEL32 ref: 0042198E
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 004219A9
                                                                                                                                                                                                      • __init_pointers.LIBCMT ref: 004219B3
                                                                                                                                                                                                      • __encode_pointer.LIBCMT ref: 004219BE
                                                                                                                                                                                                      • __encode_pointer.LIBCMT ref: 004219CE
                                                                                                                                                                                                      • __encode_pointer.LIBCMT ref: 004219DE
                                                                                                                                                                                                      • __encode_pointer.LIBCMT ref: 004219EE
                                                                                                                                                                                                      • __decode_pointer.LIBCMT ref: 00421A0F
                                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 00421A28
                                                                                                                                                                                                      • __decode_pointer.LIBCMT ref: 00421A42
                                                                                                                                                                                                      • __initptd.LIBCMT ref: 00421A51
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00421A58
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetNamedSecurityInfoA.ADVAPI32(?,00000001,00000004,00000000,00000000,00409C19,00000000,00000000), ref: 00409A81
                                                                                                                                                                                                      • LocalFree.KERNEL32(00001388,?,00409C19,00000000,KG@,00000000,?,00001388), ref: 00409AA4
                                                                                                                                                                                                      • GetExplicitEntriesFromAclA.ADVAPI32(00409C19,?,?,?,00409C19,00000000,KG@,00000000,?,00001388), ref: 00409ABA
                                                                                                                                                                                                      • LocalFree.KERNEL32(00001388,?,00409C19,00000000,KG@,00000000,?,00001388), ref: 00409ADF
                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00409C19,00000000,KG@,00000000,?,00001388), ref: 00409AED
                                                                                                                                                                                                      • ConvertStringSidToSidA.ADVAPI32(S-1-5-32-545,00001388), ref: 00409A57
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • GetNamedSecurityInfo Error %u, xrefs: 00409A8C
                                                                                                                                                                                                      • [Utils] Trustee %u is SID, xrefs: 00409B21
                                                                                                                                                                                                      • [Utils] Unable to convert SID, xrefs: 00409BD7
                                                                                                                                                                                                      • [Utils] Got %u ACEs for folder, xrefs: 00409AF7
                                                                                                                                                                                                      • GetExplicitEntriesFromAcl failed %u, xrefs: 00409AC5
                                                                                                                                                                                                      • S-1-5-32-545, xrefs: 00409A4C
                                                                                                                                                                                                      • [Utils] Converted SID for USERS, xrefs: 00409A64
                                                                                                                                                                                                      • [Utils] Unknown trustee at %u, xrefs: 00409B86
                                                                                                                                                                                                      • [Utils] Trimmed ACE size is %u, xrefs: 00409BA4
                                                                                                                                                                                                      • [Utils] Trustee %u is Users. Permissions is %u. Trimming..., xrefs: 00409B49
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLocal$Timetime$ConvertEntriesExplicitFromInfoNamedSecurityString_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: GetExplicitEntriesFromAcl failed %u$GetNamedSecurityInfo Error %u$S-1-5-32-545$[Utils] Converted SID for USERS$[Utils] Got %u ACEs for folder$[Utils] Trimmed ACE size is %u$[Utils] Trustee %u is SID$[Utils] Trustee %u is Users. Permissions is %u. Trimming...$[Utils] Unable to convert SID$[Utils] Unknown trustee at %u
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004018D3
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 0041B6D3: __lock.LIBCMT ref: 0041B6E1
                                                                                                                                                                                                        • Part of subcall function 0041B6D3: __getdcwd_nolock.LIBCMT ref: 0041B6F3
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      • Sleep.KERNEL32(00000032,?,?,?,?,?,00001388,004048A2,[Extractor] Renaming GU folder to %s,?), ref: 00401943
                                                                                                                                                                                                      • MoveFileExA.KERNEL32(?,?,00000003(MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED)), ref: 00401954
                                                                                                                                                                                                      • Sleep.KERNEL32(0000012C,?,?,?,?,?,00001388,004048A2,[Extractor] Renaming GU folder to %s,?), ref: 00401974
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Rename] Can do no better than a copy on this filesystem, xrefs: 004019BB
                                                                                                                                                                                                      • [Extractor] Working dir is '%s', xrefs: 004018E3
                                                                                                                                                                                                      • [Rename] The target already exists. Deleting., xrefs: 004018FF
                                                                                                                                                                                                      • [Rename] Copy failed too! Severe filesystem issues., xrefs: 004019E8
                                                                                                                                                                                                      • [Rename] File '%s' renamed to '%s', xrefs: 00401986
                                                                                                                                                                                                      • Extractor, xrefs: 00401963
                                                                                                                                                                                                      • [Rename] Windows - this FS seems to not supported renaming. Trying alternative method..., xrefs: 00401945
                                                                                                                                                                                                      • MoveFileEx, xrefs: 0040195E
                                                                                                                                                                                                      • nativesplash.png, xrefs: 004018CA
                                                                                                                                                                                                      • [Rename] MoveFileEx worked. Assuming success., xrefs: 00401997
                                                                                                                                                                                                      • [Rename] [FAIL] Could not rename '%s' to '%s' [%d], xrefs: 004019B1
                                                                                                                                                                                                      • [Rename] Created folder %s, xrefs: 004019D0
                                                                                                                                                                                                      • [Rename] Could not rename '%s' to '%s' [%d], xrefs: 00401934
                                                                                                                                                                                                      • [Rename] Copied %s to %s, xrefs: 004019F7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HeapSleepTime__locktime$AllocateErrorFileFreeLastMove___sbh_find_block___sbh_free_block__getdcwd_nolock_fprintf_malloc_printf_vfprintf
                                                                                                                                                                                                      • String ID: Extractor$MoveFileEx$[Extractor] Working dir is '%s'$[Rename] Can do no better than a copy on this filesystem$[Rename] Copied %s to %s$[Rename] Copy failed too! Severe filesystem issues.$[Rename] Could not rename '%s' to '%s' [%d]$[Rename] Created folder %s$[Rename] File '%s' renamed to '%s'$[Rename] MoveFileEx worked. Assuming success.$[Rename] The target already exists. Deleting.$[Rename] Windows - this FS seems to not supported renaming. Trying alternative method...$[Rename] [FAIL] Could not rename '%s' to '%s' [%d]$nativesplash.png
                                                                                                                                                                                                      • API String ID: 761647789-675971311
                                                                                                                                                                                                      • Opcode ID: edb528bcc419cd5f8bded31224d443631055d0bd8175fa2a9767fb411f0ba488
                                                                                                                                                                                                      • Instruction ID: 836c41f9cdb19b96ab68ac9e2465b72182750e47a6282760fca1570803066d03
                                                                                                                                                                                                      • Opcode Fuzzy Hash: edb528bcc419cd5f8bded31224d443631055d0bd8175fa2a9767fb411f0ba488
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B2180B264530539E52476A36C47FBB290CCE46BA8F20103FF944781D3AE6D595480BF
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileVersionInfoSizeA.VERSION(?,?), ref: 00402EDD
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00402EE6
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00402F0C
                                                                                                                                                                                                      • GetFileVersionInfoA.VERSION(?,?,00000000,?,?,?), ref: 00402F2B
                                                                                                                                                                                                      • VerQueryValueA.VERSION(?,00440E58,?,?,?,?,00000000,?,?,?), ref: 00402F53
                                                                                                                                                                                                      • _sprintf.LIBCMT ref: 00402FA7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [JavaCheck] Got version info, xrefs: 00402F38
                                                                                                                                                                                                      • [JavaCheck] signature is wrong, xrefs: 00402FB1
                                                                                                                                                                                                      • [JavaCheck] Checking file version of %s, xrefs: 00402EF1
                                                                                                                                                                                                      • [JavaCheck] Size OK, xrefs: 00402F6C
                                                                                                                                                                                                      • [JavaCheck] get file version info call failed, xrefs: 00402FC6
                                                                                                                                                                                                      • [JavaCheck] ver query value function call failed, xrefs: 00402FBF
                                                                                                                                                                                                      • [JavaCheck] file version LS is %ld, xrefs: 00402F92
                                                                                                                                                                                                      • [JavaCheck] Queried value, xrefs: 00402F5C
                                                                                                                                                                                                      • [JavaCheck] size is null, xrefs: 00402FB8
                                                                                                                                                                                                      • [JavaCheck] verSize is zero, xrefs: 00402FDB
                                                                                                                                                                                                      • [JavaCheck] file version MS is %ld, xrefs: 00402F85
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileInfoTimeVersion_malloctime$AllocateHeapQuerySizeValue_fprintf_printf_sprintf_vfprintf
                                                                                                                                                                                                      • String ID: [JavaCheck] Checking file version of %s$[JavaCheck] Got version info$[JavaCheck] Queried value$[JavaCheck] Size OK$[JavaCheck] file version LS is %ld$[JavaCheck] file version MS is %ld$[JavaCheck] get file version info call failed$[JavaCheck] signature is wrong$[JavaCheck] size is null$[JavaCheck] ver query value function call failed$[JavaCheck] verSize is zero
                                                                                                                                                                                                      • API String ID: 3090292024-659594993
                                                                                                                                                                                                      • Opcode ID: b238e4e401ab408ac08868c35ea84dbea96f41ccb52c7d8026813db1d3661ed5
                                                                                                                                                                                                      • Instruction ID: e9df1de767c2590104f53de259467ecdf45ad868961e4cb8ea51a9e389dbc30a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b238e4e401ab408ac08868c35ea84dbea96f41ccb52c7d8026813db1d3661ed5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C531D176544305B9EB10AF968E039AEBB75AE00744F30083FFA40751C1DBBC4971A66E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040D21B
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _printf.LIBCMT ref: 0040D265
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap_fprintf_malloc_printf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\rsa\rsa_verify_hash.c$1) RSA Decode failed$2) RSA Decode failed$Doing PSS decode$hash != NULL$key != NULL$sig != NULL$stat != NULL
                                                                                                                                                                                                      • API String ID: 4017016946-912064638
                                                                                                                                                                                                      • Opcode ID: a81cbf3384250f88c6d327f226e46453d8cd68640290efc2f8dfaac446f5c289
                                                                                                                                                                                                      • Instruction ID: 65750a28bb679d1847d3f149cda7460eeadf1eb8203ceb11939edaac5ce0d3f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a81cbf3384250f88c6d327f226e46453d8cd68640290efc2f8dfaac446f5c289
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29C129B2D043419BD7309EA9DC4076BB7E0EB94318F14493FF984A7381EA39D94C8B5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetQueryOptionA.WININET(00000000,00000029,00000000,?), ref: 004056D3
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004056DF
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • InternetQueryOptionA.WININET(00405E99,00000026,00000000,000003E8), ref: 004056FD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00405E99), ref: 00405703
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] Detected proxy: %d '%s' '%s', xrefs: 00405734
                                                                                                                                                                                                      • [HttpDownloader] InternetQueryOption failed! (%d), xrefs: 0040570A
                                                                                                                                                                                                      • [HttpDownloader] Direct connection (no proxy) found., xrefs: 00405721
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InternetOptionQueryTimetime$AllocateErrorHeapLast_fprintf_malloc_printf_vfprintf
                                                                                                                                                                                                      • String ID: [HttpDownloader] Detected proxy: %d '%s' '%s'$[HttpDownloader] Direct connection (no proxy) found.$[HttpDownloader] InternetQueryOption failed! (%d)
                                                                                                                                                                                                      • API String ID: 585731006-2291734649
                                                                                                                                                                                                      • Opcode ID: f1ef3e5a9e362d1cf9ae491d3397527b093ffe62ad791e8fa405aea17fb9fb55
                                                                                                                                                                                                      • Instruction ID: ea144dcd614b41da749c4441269072c708e546aee83254abf31021ee933dddad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1ef3e5a9e362d1cf9ae491d3397527b093ffe62ad791e8fa405aea17fb9fb55
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1121AEB6500705BEE6147BA6EC82DBB63ADDF80368B20042FF544EA1C1DE7D9C815A2D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,00405EC9,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406BD3
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00405EC9,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406C45
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406C4F
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406C67
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406CA3
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,00405EC9,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406CAD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [RB %d] [Write] Failed to write data into buffer., xrefs: 00406C9E
                                                                                                                                                                                                      • [RB %d] [Write] Waiting as not enough space for data... (length:%d > available:%d, start:%d, end:%d), xrefs: 00406BAF
                                                                                                                                                                                                      • [RB %d] [Write] Wrote %d..., xrefs: 00406C62
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Leave_printf$EnterEvent
                                                                                                                                                                                                      • String ID: [RB %d] [Write] Failed to write data into buffer.$[RB %d] [Write] Waiting as not enough space for data... (length:%d > available:%d, start:%d, end:%d)$[RB %d] [Write] Wrote %d...
                                                                                                                                                                                                      • API String ID: 1119540550-3499860133
                                                                                                                                                                                                      • Opcode ID: c894d13a45427c0d0ac1f7c794160ca50705e1ca0481fcfa98a68f99e4a2198f
                                                                                                                                                                                                      • Instruction ID: 41d76ff5738d04b2c298501b8353616c397f97e4fed0e063368e89baa92390d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c894d13a45427c0d0ac1f7c794160ca50705e1ca0481fcfa98a68f99e4a2198f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6741DE71604704EFDB209FA5DC8596AB7B5FB04304B104A3EF496A22A1EB74ED24DB18
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406CE4
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,0000C800,0000C800,?,?,?,00406EFF,?), ref: 00406CFC
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00406EFF,000000FF,?,?,?,00406EFF,?), ref: 00406D07
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,00406EFF,?), ref: 00406D0E
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406D37
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406DAA
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406DFB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [RB %d] [Read] Closing..., xrefs: 00406D32
                                                                                                                                                                                                      • [RB %d] [Read] POST Available: %d (start:%d end%d), xrefs: 00406DF6
                                                                                                                                                                                                      • [RB %d] [Read] PRE Available: %d (start:%d end%d), xrefs: 00406CDF
                                                                                                                                                                                                      • [RB %d] [Read] Failed to read data into buffer., xrefs: 00406DA5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf$CriticalSection$EnterLeaveObjectSingleWait
                                                                                                                                                                                                      • String ID: [RB %d] [Read] Closing...$[RB %d] [Read] Failed to read data into buffer.$[RB %d] [Read] POST Available: %d (start:%d end%d)$[RB %d] [Read] PRE Available: %d (start:%d end%d)
                                                                                                                                                                                                      • API String ID: 1500452976-4244697949
                                                                                                                                                                                                      • Opcode ID: eb291c7f4e3d337df4e6ab6c0fe1eadae5273d0814db3ca66e81a53195e21a77
                                                                                                                                                                                                      • Instruction ID: ab471908fda3e01a27444be9a688ca315098cec148010d7786c7bf90cb8f55c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb291c7f4e3d337df4e6ab6c0fe1eadae5273d0814db3ca66e81a53195e21a77
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71410031600300EFDB219F65DC41A6BB7B2EF44314F11493FF426A2291DB39E9A4CB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _getenv.LIBCMT ref: 00409C09
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00409C2D
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00409C65
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • SetEntriesInAclA.ADVAPI32(?,00000000,00000000,?), ref: 00409CAC
                                                                                                                                                                                                      • SetNamedSecurityInfoA.ADVAPI32(?,00000001,80000004,00000000,00000000,?,00000000), ref: 00409CD0
                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00409CFF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateEntriesFreeHeapInfoLocalNamedSecurity_getenv_malloc_memset
                                                                                                                                                                                                      • String ID: KG@$KG@$PROGRAMDATA$SetEntriesInAcl Error %u$SetNamedSecurityInfo Error %u
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(shell32.dll,00001388,00000000,00403C2C), ref: 00402E4A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,[Extractor] Finding procedure address for SetCurrentProcessExplicitAppUserModelID), ref: 00402E68
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00402EB6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • SetCurrentProcessExplicitAppUserModelID, xrefs: 00402E60, 00402E9D
                                                                                                                                                                                                      • [Extractor] Asked to set the Windows APP ID to '%s', xrefs: 00402E2E
                                                                                                                                                                                                      • [Extractor] Loading shell32, xrefs: 00402E38
                                                                                                                                                                                                      • [Extractor] Set App ID OK, xrefs: 00402E91
                                                                                                                                                                                                      • shell32.dll, xrefs: 00402E45
                                                                                                                                                                                                      • [Extractor] Finding procedure address for SetCurrentProcessExplicitAppUserModelID, xrefs: 00402E56
                                                                                                                                                                                                      • [Extractor] Setting app ID to %S (%s), xrefs: 00402E7D
                                                                                                                                                                                                      • Extractor, xrefs: 00402EA2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryTimetime$AddressFreeLoadProc_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Extractor$SetCurrentProcessExplicitAppUserModelID$[Extractor] Asked to set the Windows APP ID to '%s'$[Extractor] Finding procedure address for SetCurrentProcessExplicitAppUserModelID$[Extractor] Loading shell32$[Extractor] Set App ID OK$[Extractor] Setting app ID to %S (%s)$shell32.dll
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 00401099
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010CA
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strlen.LIBCMT ref: 004010D9
                                                                                                                                                                                                        • Part of subcall function 0040107C: _malloc.LIBCMT ref: 004010E3
                                                                                                                                                                                                        • Part of subcall function 0040107C: _strcat.LIBCMT ref: 004010F9
                                                                                                                                                                                                        • Part of subcall function 0040107C: __findfirst64i32.LIBCMT ref: 00401110
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00401AEC
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • __fread_nolock.LIBCMT ref: 00401C16
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 00401C2E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [CopyFolder] *************************** Failed to copy %s to %s, xrefs: 00401B92
                                                                                                                                                                                                      • [CopyFolder] *************************** Failed to copy %s to %s (could not create target folder), xrefs: 00401C6E
                                                                                                                                                                                                      • [CopyFolder] *************************** Unable to open destination file for copy %s, xrefs: 00401CAF
                                                                                                                                                                                                      • [CopyFolder] Copying FILE %s, xrefs: 00401BBA
                                                                                                                                                                                                      • [CopyFolder] SourceDir from '%s' is NULL, xrefs: 00401AB2
                                                                                                                                                                                                      • [CopyFolder] *************************** Unable to open source file for copy %s, xrefs: 00401C94
                                                                                                                                                                                                      • [CopyFolder] Copying DIR %s, xrefs: 00401B42
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$Time_malloctime$__findfirst64i32__fread_nolock__fsopen_fprintf_fwrite_printf_strcat_vfprintf
                                                                                                                                                                                                      • String ID: [CopyFolder] *************************** Failed to copy %s to %s$[CopyFolder] *************************** Failed to copy %s to %s (could not create target folder)$[CopyFolder] *************************** Unable to open destination file for copy %s$[CopyFolder] *************************** Unable to open source file for copy %s$[CopyFolder] Copying DIR %s$[CopyFolder] Copying FILE %s$[CopyFolder] SourceDir from '%s' is NULL
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                        • Part of subcall function 0041A1C4: _flsall.LIBCMT ref: 0041A1D8
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00407683
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00407695
                                                                                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 004076BA
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,?,00402B9B), ref: 004076C4
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000001,?,00402B9B), ref: 00407711
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000001,?,00402B9B), ref: 00407719
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Spawner] Executing command '%s', xrefs: 0040765E
                                                                                                                                                                                                      • [Spawner] Create process seems to have worked, xrefs: 004076EB
                                                                                                                                                                                                      • [Spawner] Constructing command..., xrefs: 004075E5
                                                                                                                                                                                                      • CreateProcess failed (%d)., xrefs: 004076CB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleTime_memsettime$CreateErrorLastProcess_flsall_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: CreateProcess failed (%d).$[Spawner] Constructing command...$[Spawner] Create process seems to have worked$[Spawner] Executing command '%s'
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0040145F), ref: 0040189D
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetProcAddress.KERNEL32(00000000), ref: 004018A4
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetCurrentProcess.KERNEL32(00000000,?,?,?,0040145F), ref: 004018B4
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 004014A0
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 004014C0
                                                                                                                                                                                                        • Part of subcall function 004092EF: GetLastError.KERNEL32(00000000,00000001,?,?,?,00405A58,HttpDownloader,CrackURL), ref: 004092F6
                                                                                                                                                                                                        • Part of subcall function 004092EF: FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409312
                                                                                                                                                                                                        • Part of subcall function 004092EF: lstrlenA.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409321
                                                                                                                                                                                                        • Part of subcall function 004092EF: lstrlenA.KERNEL32(XZ@,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409328
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalAlloc.KERNEL32(00000040,00000028,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409331
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalFree.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409359
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalFree.KERNEL32(00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 0040935C
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Located existing JW DLL: %s, xrefs: 00401491
                                                                                                                                                                                                      • [Extractor] Successfully loaded DLL. JW looks good., xrefs: 004014B3
                                                                                                                                                                                                      • jwutils_win64.dll, xrefs: 00401470
                                                                                                                                                                                                      • jwutils_win32.dll, xrefs: 00401469
                                                                                                                                                                                                      • [Extractor] [SEVERE] Unable to load existing JW dll., xrefs: 004014DA
                                                                                                                                                                                                      • [Extractor] [SEVERE] Unable to locate existing JW dll., xrefs: 004014E9
                                                                                                                                                                                                      • LoadLibrary, xrefs: 004014CB
                                                                                                                                                                                                      • Extractor, xrefs: 004014D0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLocal$LibraryTimelstrlentime$AddressAllocCurrentErrorFormatHandleLastLoadMessageModuleProcProcess_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Extractor$LoadLibrary$[Extractor] Located existing JW DLL: %s$[Extractor] Successfully loaded DLL. JW looks good.$[Extractor] [SEVERE] Unable to load existing JW dll.$[Extractor] [SEVERE] Unable to locate existing JW dll.$jwutils_win32.dll$jwutils_win64.dll
                                                                                                                                                                                                      • API String ID: 3286917337-39971089
                                                                                                                                                                                                      • Opcode ID: c086b8955b969dd4f542b140981f1d498e3a9776ebb23ccf09d6941611f09328
                                                                                                                                                                                                      • Instruction ID: bb5de34268ac7ed514331779d48d66edf622abe2f8ddaa86fccacbd021cf9575
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c086b8955b969dd4f542b140981f1d498e3a9776ebb23ccf09d6941611f09328
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF11CAB2A443146AC614B7669C03AEF73989F09758F10107FBC09F71D1DEBCAE4845AE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00405640
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00405650
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00405661
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00405669
                                                                                                                                                                                                      • _strcat.LIBCMT ref: 0040567B
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040568B
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00405693
                                                                                                                                                                                                      • _strcat.LIBCMT ref: 004056A6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [HttpDownloader] No existing proxy settings found, so saving., xrefs: 00405633
                                                                                                                                                                                                      • [HttpDownloader] Asked to save working proxy settings, but settings already exist, so skipping., xrefs: 004056AE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$Time_strcat_strlentime$AllocateHeap_fprintf_memset_printf_vfprintf
                                                                                                                                                                                                      • String ID: [HttpDownloader] Asked to save working proxy settings, but settings already exist, so skipping.$[HttpDownloader] No existing proxy settings found, so saving.
                                                                                                                                                                                                      • API String ID: 1628126115-1235905751
                                                                                                                                                                                                      • Opcode ID: a5f88bc19e15971cd2696331d0d0a7ddcc3a46098fe68b825712e031f05033fb
                                                                                                                                                                                                      • Instruction ID: 710767c046e98b9cb00137eceafadf306d07d28affac94e766cb52a8d67283a4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5f88bc19e15971cd2696331d0d0a7ddcc3a46098fe68b825712e031f05033fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9012D714453046EEB446F65EC06B7A3769EF44329F20802FF9189E1D2DE7D98D48A0D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004101B9
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004101D2
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc$_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\ecc\ltc_ecc_mul2add.c$A != NULL$B != NULL$C != NULL$kA != NULL$kB != NULL$modulus != NULL
                                                                                                                                                                                                      • API String ID: 893421908-1244288955
                                                                                                                                                                                                      • Opcode ID: 2306322230209f7a274bfb182e9b6e3119d24a9e2d3d5d49d251ec8fc49598c0
                                                                                                                                                                                                      • Instruction ID: 8c646230bcc43039f511eb08dd8f1eea5b91c01325a39d20c5cee7d4644d8190
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2306322230209f7a274bfb182e9b6e3119d24a9e2d3d5d49d251ec8fc49598c0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36F1B1B2A483009BD320DF14D845BABB7E4EBC8714F04492DFD9597341E7B9EC808BA6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E), ref: 00406E20
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406E4C
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400,?), ref: 00406E56
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400), ref: 00406E5D
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400,?), ref: 00406E66
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400,?), ref: 00406EB3
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400,?), ref: 00406EC3
                                                                                                                                                                                                        • Part of subcall function 00406CB8: _printf.LIBCMT ref: 00406CE4
                                                                                                                                                                                                        • Part of subcall function 00406CB8: LeaveCriticalSection.KERNEL32(?,0000C800,0000C800,?,?,?,00406EFF,?), ref: 00406CFC
                                                                                                                                                                                                        • Part of subcall function 00406CB8: WaitForSingleObject.KERNEL32(00406EFF,000000FF,?,?,?,00406EFF,?), ref: 00406D07
                                                                                                                                                                                                        • Part of subcall function 00406CB8: EnterCriticalSection.KERNEL32(?,?,?,?,00406EFF,?), ref: 00406D0E
                                                                                                                                                                                                        • Part of subcall function 00406CB8: _printf.LIBCMT ref: 00406D37
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,?,0040885C,00000000,00000000,00000000,?,?,00000400,00000000,00408A1E,?,00000400,?), ref: 00406EDB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [RB %d] [ReadUntil] Waiting as no data (readUntil)..., xrefs: 00406E47
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Leave$Enter_printf$ObjectSingleWait$Event
                                                                                                                                                                                                      • String ID: [RB %d] [ReadUntil] Waiting as no data (readUntil)...
                                                                                                                                                                                                      • API String ID: 273989684-4143400687
                                                                                                                                                                                                      • Opcode ID: 0a63a768ed939f8f96c9254b391cde96d030ebf8c606c4806a2b94fd26de847a
                                                                                                                                                                                                      • Instruction ID: db6cd038d0614f57725b8e3520b024f0de40e857be69da548215051f0e363186
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a63a768ed939f8f96c9254b391cde96d030ebf8c606c4806a2b94fd26de847a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3721A535500305EFDF259B64DC05A6FB7B5EF00320F22067FE412A22E0D779AE659B99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • timeGetTime.WINMM(00440074,update_url,00000000), ref: 0040A206
                                                                                                                                                                                                      • _fprintf.LIBCMT ref: 0040A248
                                                                                                                                                                                                      • _vfprintf.LIBCMT ref: 0040A25A
                                                                                                                                                                                                      • _printf.LIBCMT ref: 0040A277
                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0040A2AB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: *******************************************$+%-8llu $update_url
                                                                                                                                                                                                      • API String ID: 637597662-3287114561
                                                                                                                                                                                                      • Opcode ID: 630003cec9e8e95ff80f357e61abc96e2f05b75fa3f96b6fe02ed2c3eb252c50
                                                                                                                                                                                                      • Instruction ID: f724549ce7930c03642780c0e2e14689add49ee2fe0d3a167637bf732a1cfec7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 630003cec9e8e95ff80f357e61abc96e2f05b75fa3f96b6fe02ed2c3eb252c50
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C521AEB38083046BDB00BF62FC46A9E77A9AB54725F04047FF40496293DB79DD548AAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\pkcs1\pkcs_1_pss_decode.c$msghash != NULL$res != NULL
                                                                                                                                                                                                      • API String ID: 3868165604-1161187645
                                                                                                                                                                                                      • Opcode ID: 8dc07e7adacb6f7796221910e25db2c6f2f3d87730c72103ceb66190b51fb0b5
                                                                                                                                                                                                      • Instruction ID: ebc7624f14a6f925d23664aba2357d5f0bfa10536a5fbfadc69d7126af9608c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dc07e7adacb6f7796221910e25db2c6f2f3d87730c72103ceb66190b51fb0b5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CB105B2A043015BC725DE78C841A6B77E5BF98314F080A7EF884A7781EB39EC04C796
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [DeleteFolder] Deleting from '%s' is NULL, xrefs: 004098DA
                                                                                                                                                                                                      • ***********************************************************************, xrefs: 004098C3
                                                                                                                                                                                                      • Deleting FILE %s, xrefs: 0040997C
                                                                                                                                                                                                      • Deleting DIR %s, xrefs: 00409943
                                                                                                                                                                                                      • Failed to delete %s, xrefs: 00409967
                                                                                                                                                                                                      • Failed to delete file %s, xrefs: 004099A0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time_malloc_strlentime$__findfirst64i32_fprintf_printf_strcat_vfprintf
                                                                                                                                                                                                      • String ID: ***********************************************************************$Deleting DIR %s$Deleting FILE %s$Failed to delete %s$Failed to delete file %s$[DeleteFolder] Deleting from '%s' is NULL
                                                                                                                                                                                                      • API String ID: 371140694-1676767857
                                                                                                                                                                                                      • Opcode ID: 26c4e21f4f82fd0d92bc75384ac235ea119c31255c4644a29faa1c7fb6ff3ee5
                                                                                                                                                                                                      • Instruction ID: c2e692a8dbfb21bf866a3813dfd1b5a9eb6c648a378c7427d7d2c5912b1db845
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26c4e21f4f82fd0d92bc75384ac235ea119c31255c4644a29faa1c7fb6ff3ee5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E21B8769002045AFB20A6769D42AEF73AC8F45318F1004BFF548F62C3D97D9E45465A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0000C800,00000000,00000000,0000C800,00409288,?,0000C800), ref: 00406EEC
                                                                                                                                                                                                        • Part of subcall function 00406CB8: _printf.LIBCMT ref: 00406CE4
                                                                                                                                                                                                        • Part of subcall function 00406CB8: LeaveCriticalSection.KERNEL32(?,0000C800,0000C800,?,?,?,00406EFF,?), ref: 00406CFC
                                                                                                                                                                                                        • Part of subcall function 00406CB8: WaitForSingleObject.KERNEL32(00406EFF,000000FF,?,?,?,00406EFF,?), ref: 00406D07
                                                                                                                                                                                                        • Part of subcall function 00406CB8: EnterCriticalSection.KERNEL32(?,?,?,?,00406EFF,?), ref: 00406D0E
                                                                                                                                                                                                        • Part of subcall function 00406CB8: _printf.LIBCMT ref: 00406D37
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406F15
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 00406F20
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0000C800), ref: 00406F27
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406F3E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [RB %d] [Read] RingBuffer_read DONE, xrefs: 00406F39
                                                                                                                                                                                                      • [RB %d] [Read] RingBuffer_read %d..., xrefs: 00406F10
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection_printf$EnterLeave$EventObjectSingleWait
                                                                                                                                                                                                      • String ID: [RB %d] [Read] RingBuffer_read %d...$[RB %d] [Read] RingBuffer_read DONE
                                                                                                                                                                                                      • API String ID: 4180503922-4008446204
                                                                                                                                                                                                      • Opcode ID: bafde46eb49a2c1d4222b221faecdb138631a7cce4f8c0732bf8ad0cea6841a3
                                                                                                                                                                                                      • Instruction ID: c2b23cdd8aa72b090ec66ad8d602a3e534d2cf4eaa185e34a00805c8c3e30adf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bafde46eb49a2c1d4222b221faecdb138631a7cce4f8c0732bf8ad0cea6841a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86F09032108300EFE7166B51BC4AA57BBF9FB84755F11093FF141A00A1DFBA9C689B69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004084C1
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AA0
                                                                                                                                                                                                        • Part of subcall function 00406A95: _calloc.LIBCMT ref: 00406AB9
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406AD4
                                                                                                                                                                                                        • Part of subcall function 00406A95: CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?), ref: 00406ADE
                                                                                                                                                                                                        • Part of subcall function 00406A95: InitializeCriticalSection.KERNEL32(00000020,?,?,?,00000000,?,?,?,?,?,?,00000000,?,00000000,[Unarchiver] Extracting %s (::%ld from %s),00000000), ref: 00406AE7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004084EA
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 00408500
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000820D,00000000,00000000,00000000), ref: 0040852A
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00008247,00000000,00000000,00000000), ref: 0040853B
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000827C,00000000,00000000,00000000), ref: 0040854D
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,00000000,00001388,00000000,?,[JREDownload] Extracting JRE archive to %s,?), ref: 00408558
                                                                                                                                                                                                        • Part of subcall function 00406AF3: EnterCriticalSection.KERNEL32(?,?,00405FBA,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406AF8
                                                                                                                                                                                                        • Part of subcall function 00406AF3: _printf.LIBCMT ref: 00406B15
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B2D
                                                                                                                                                                                                        • Part of subcall function 00406AF3: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B32
                                                                                                                                                                                                        • Part of subcall function 00406AF3: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B35
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create$Event_calloc$CriticalSectionThread$AllocateEnterHeapInitializeLeaveObjectSingleWait__calloc_impl_malloc_printf
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2394920497-0
                                                                                                                                                                                                      • Opcode ID: 9ccb3c410b3afae33fdaa22e7e144e7ac9f1fc06bee37fd7185d27323d2f84e9
                                                                                                                                                                                                      • Instruction ID: 34fc48720bbb5389275a881dfaa26741cf3555645f91564232d98d9598ffcee3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ccb3c410b3afae33fdaa22e7e144e7ac9f1fc06bee37fd7185d27323d2f84e9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25218271E00254BBCB10EFA68C85E9BBFB8EB85714F14846FF514BB2C1D6B45940CB64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                      • _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                      • _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                      • _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: +%-8llu
                                                                                                                                                                                                      • API String ID: 637597662-801342841
                                                                                                                                                                                                      • Opcode ID: db7fc1097add5ee9168d5aa8e14f5ec6c6b2e3453ba9e678fbfc779b6e9e91dc
                                                                                                                                                                                                      • Instruction ID: 069faf173d7f4dd28c5ce0e080687834874f9153b373a01e19c3d335cd0876d8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db7fc1097add5ee9168d5aa8e14f5ec6c6b2e3453ba9e678fbfc779b6e9e91dc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E211E7B2904308BFDB00AFA6EC86E9E77ADEB48315B04407BF504D2262D6789D40865C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A031: _strlen.LIBCMT ref: 0040A042
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(00000000,?,004094D2,?), ref: 004093BE
                                                                                                                                                                                                        • Part of subcall function 004092EF: GetLastError.KERNEL32(00000000,00000001,?,?,?,00405A58,HttpDownloader,CrackURL), ref: 004092F6
                                                                                                                                                                                                        • Part of subcall function 004092EF: FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409312
                                                                                                                                                                                                        • Part of subcall function 004092EF: lstrlenA.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409321
                                                                                                                                                                                                        • Part of subcall function 004092EF: lstrlenA.KERNEL32(XZ@,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409328
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalAlloc.KERNEL32(00000040,00000028,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409331
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalFree.KERNEL32(?,?,?,00405A58,HttpDownloader,CrackURL), ref: 00409359
                                                                                                                                                                                                        • Part of subcall function 004092EF: LocalFree.KERNEL32(00000000,?,?,00405A58,HttpDownloader,CrackURL), ref: 0040935C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Utils] Located dependent DLL (%s) does NOT exist, xrefs: 004093EC
                                                                                                                                                                                                      • Utils, xrefs: 004093D3
                                                                                                                                                                                                      • [Extractor] [SEVERE] Unable to load dependent DLL., xrefs: 004093DD
                                                                                                                                                                                                      • [Utils] Located dependent DLL (%s), xrefs: 004093AF
                                                                                                                                                                                                      • LoadLibrary, xrefs: 004093CE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Local$FreeTimelstrlentime$AllocErrorFormatLastLibraryLoadMessage_fprintf_printf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: LoadLibrary$Utils$[Extractor] [SEVERE] Unable to load dependent DLL.$[Utils] Located dependent DLL (%s)$[Utils] Located dependent DLL (%s) does NOT exist
                                                                                                                                                                                                      • API String ID: 1470532766-899080336
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00408905
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040890E
                                                                                                                                                                                                      • _strncmp.LIBCMT ref: 0040891B
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time_strlentime$_fprintf_printf_strncmp_vfprintf
                                                                                                                                                                                                      • String ID: DigitalSignature1$[Unarchiver] Found special block %s$jwArcSpBlock_
                                                                                                                                                                                                      • API String ID: 1658449808-372556591
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00405FBA,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406AF8
                                                                                                                                                                                                      • _printf.LIBCMT ref: 00406B15
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B2D
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B32
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,[HttpDownloader] [%s] [4] Starting download...,?), ref: 00406B35
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalEventSection$EnterLeave_printf
                                                                                                                                                                                                      • String ID: [RB %d] Closing
                                                                                                                                                                                                      • API String ID: 3547880701-2278673757
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040CE36
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\rsa\rsa_import.c$in != NULL$key != NULL$ltc_mp.name != NULL
                                                                                                                                                                                                      • API String ID: 3503205528-57896725
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00413814
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0041381C
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\pkcs1\pkcs_1_mgf1.c$mask != NULL$seed != NULL
                                                                                                                                                                                                      • API String ID: 670305242-3273853729
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00406158
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(?), ref: 0040616B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$MutexObjectReleaseSingleWait_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: State Proxy$[HttpDownloader] [State Proxy] +++ Start +++$[HttpDownloader] [State Proxy] Got lock - running now.
                                                                                                                                                                                                      • API String ID: 838292653-3227764253
                                                                                                                                                                                                      • Opcode ID: 2c639f0d0fffa52cf840435e157ae6d4ebfe9e777816f0bd8dfcb5925390cf70
                                                                                                                                                                                                      • Instruction ID: c6e62643e676a41af02bf7f4c96585d85f69dfbcf1e982702b2b04b8f4027244
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c639f0d0fffa52cf840435e157ae6d4ebfe9e777816f0bd8dfcb5925390cf70
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F0F4322402006AF635AF26DC0BF6AB775DF80731F25423FF894292E1DF791960899E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004015DC
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 0040A031: _strlen.LIBCMT ref: 0040A042
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$AllocateHeap_fprintf_malloc_printf_strlen_vfprintf
                                                                                                                                                                                                      • String ID: [Locating UP200] %s$[Locating UP200] Result is %s$bin$unpack200.exe
                                                                                                                                                                                                      • API String ID: 2755855235-995364140
                                                                                                                                                                                                      • Opcode ID: 7a2c884c05b147ccfa0b4c77299216c7a45bbcc2c9e475c2bbf5e737220fe1a9
                                                                                                                                                                                                      • Instruction ID: 2a2c4741f558ebcfc23fcefc867f8167571ebc97c31a24996ebc790fa490c79b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a2c884c05b147ccfa0b4c77299216c7a45bbcc2c9e475c2bbf5e737220fe1a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97E04F77A8132429E51476A65C07E9B5A48DF197A5F20207FF848A51C2A9AC1C6441BB
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0040145F), ref: 0040189D
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 004018A4
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,?,?,?,0040145F), ref: 004018B4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                      • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                      • API String ID: 4190356694-3789238822
                                                                                                                                                                                                      • Opcode ID: ce946c20f3e9a9a0277fd881ab0da891c3e6f9b9d5405684be4b86e2bb15feef
                                                                                                                                                                                                      • Instruction ID: bb5cd04d26e75ecd9dde842281097b533db216417d28ad20325039a1e0a90b9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce946c20f3e9a9a0277fd881ab0da891c3e6f9b9d5405684be4b86e2bb15feef
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1E04F32D01328FBDB14A7F49D0EA8FBABCDB04755F11557AB501E3151DA78CA088AA8
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PostThreadMessageA.USER32(00000012), ref: 0040519D
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00002328), ref: 004051AE
                                                                                                                                                                                                      • TerminateThread.KERNEL32(000008AE), ref: 004051C6
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 004051D9
                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 004051E1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleThread$MessageObjectPostSingleTerminateWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 803186428-0
                                                                                                                                                                                                      • Opcode ID: 7713c3d9271add45576969ee4efefb84c0c97393856a2fbeb52f7fda0c20408f
                                                                                                                                                                                                      • Instruction ID: 350cd83842e18c61e91247dc5f372d34e5893217033394acf1be0367b635edc9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7713c3d9271add45576969ee4efefb84c0c97393856a2fbeb52f7fda0c20408f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73F0C939544314ABDB115B20FDCDA4A7FB6F706711F55407AF144A50B2CF750C94EB58
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 0040175C
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004017B8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] Base64 deconding failed as input_length is not aligned, xrefs: 00401784
                                                                                                                                                                                                      • [Extractor] Base64 deconding failed as malloc failed to init %d, xrefs: 004017C6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$AllocateHeap
                                                                                                                                                                                                      • String ID: [Extractor] Base64 deconding failed as input_length is not aligned$[Extractor] Base64 deconding failed as malloc failed to init %d
                                                                                                                                                                                                      • API String ID: 680241177-1210915368
                                                                                                                                                                                                      • Opcode ID: 6f1f283953bde8514022c0da07cd2fedf87b8df86cc4480d0328fc8082a657c1
                                                                                                                                                                                                      • Instruction ID: 23516e377c413b7aad6447379ef9d9091e78d853bdd714de587d51a6dcc32af6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f1f283953bde8514022c0da07cd2fedf87b8df86cc4480d0328fc8082a657c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5415B36D082458FD719DF6984806BE7FB5EF55344F2480BFC492EB2A2D638CA42CB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00401E26
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00401E4F
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00401E94
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor][Spawn][%d] %s, xrefs: 00401ED9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _malloc$AllocateHeap_strlen
                                                                                                                                                                                                      • String ID: [Extractor][Spawn][%d] %s
                                                                                                                                                                                                      • API String ID: 1607973474-2646570146
                                                                                                                                                                                                      • Opcode ID: 7edb55ef4fc34648a283942da82429f4e235f60b8df628bb07bd131c59545a79
                                                                                                                                                                                                      • Instruction ID: 4dddad2f08cc2ee8ba78d5a697e0375a741f10091910574fd5a806d601c97ca8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7edb55ef4fc34648a283942da82429f4e235f60b8df628bb07bd131c59545a79
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03316F32500218AFDB11DF59D881AAE3BE4EF89768F11406BFC49EB281DB74DC528BD5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • JWrapper-, xrefs: 004012E0
                                                                                                                                                                                                      • [Extractor] Performing repair..., xrefs: 004012C4
                                                                                                                                                                                                      • [Extractor] Performing reinstall..., xrefs: 004012A3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: JWrapper-$[Extractor] Performing reinstall...$[Extractor] Performing repair...
                                                                                                                                                                                                      • API String ID: 637597662-3862683605
                                                                                                                                                                                                      • Opcode ID: abd11e2ea6891602900ca9dfbb72dbcff66333cfa470a720e05bc39c81c12dde
                                                                                                                                                                                                      • Instruction ID: 28421eff581b08e31b39efd03fdb732031f958b7a9337e49d972221401e4ee24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: abd11e2ea6891602900ca9dfbb72dbcff66333cfa470a720e05bc39c81c12dde
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3110C7690020566EB117BB69D42E9E73988F44318F24007FF940B62E3DE3DCC54466D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040E4D4
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock_calloc_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\math\ltm_desc.c$a != NULL$b != NULL
                                                                                                                                                                                                      • API String ID: 1161330448-3963858355
                                                                                                                                                                                                      • Opcode ID: aa75487b71558b703d5ce45b719e93c105e167b7cdf6c93facabea56d822638b
                                                                                                                                                                                                      • Instruction ID: 696548ddb1e17c39b067144e8fbbfd8ea332eb02f4ef8480b48b642bf80c81d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa75487b71558b703d5ce45b719e93c105e167b7cdf6c93facabea56d822638b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0AF72F4072122D611756A6C02B8BB3444BE0B65F15083FFA08BB3C1FAA898A002DE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _sscanf.LIBCMT ref: 0040987D
                                                                                                                                                                                                        • Part of subcall function 0041C0B0: _vscan_fn.LIBCMT ref: 0041C0C5
                                                                                                                                                                                                      • _printf.LIBCMT ref: 0040989C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf_sscanf_vscan_fn
                                                                                                                                                                                                      • String ID: %2x$[Utils] ERROR - HexToBytes is writing too far! %d %d
                                                                                                                                                                                                      • API String ID: 364155489-551194212
                                                                                                                                                                                                      • Opcode ID: cdef04054a2cb4baf91c6c0c9881ebebb37f5661a574ffcff3f580e6c296ef1e
                                                                                                                                                                                                      • Instruction ID: f343295b61fe44d948a98f9f15f316b4e0dc7b47341c2a5c02e01ce491e70c32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdef04054a2cb4baf91c6c0c9881ebebb37f5661a574ffcff3f580e6c296ef1e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6F0E236600248BBDB115E5BDC80ADA7F68EF86268F448037FD4CDA312D6359994C3E6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,0040605C,?,00404DFA), ref: 00405127
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00001388), ref: 0040515C
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • PostThreadMessageA.USER32(00000006,00000002,00000000,00000000), ref: 00405180
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Error starting SplashThread, xrefs: 00405169
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$CreateEventMessageObjectPostSingleThreadWait_fprintf_printf_vfprintf
                                                                                                                                                                                                      • String ID: Error starting SplashThread
                                                                                                                                                                                                      • API String ID: 3484307115-1334109510
                                                                                                                                                                                                      • Opcode ID: 0331ed9b92db0f5b4dd4153e88a775c3b8b6437e8814d7723b5ba9dbb2e10e24
                                                                                                                                                                                                      • Instruction ID: 7dabc361b37e7647089314167861e14712f0db76878f311b792ae8e0aca408ce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0331ed9b92db0f5b4dd4153e88a775c3b8b6437e8814d7723b5ba9dbb2e10e24
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40F0FE759827207ADB212B25BDCEEC77EADDB12751B104037F504A41E19A780C81DADC
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen
                                                                                                                                                                                                      • String ID: ^#@$update_url
                                                                                                                                                                                                      • API String ID: 4218353326-4112702463
                                                                                                                                                                                                      • Opcode ID: 6dc33f98e43567726aac569a1d6edd7da12cd0331d5f3f0895ccefe0fd39abef
                                                                                                                                                                                                      • Instruction ID: 29aa9205cb50ec5c712252a8e53492924c227a6922bde6490e28fd97fb59368e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6dc33f98e43567726aac569a1d6edd7da12cd0331d5f3f0895ccefe0fd39abef
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF0E231408351AEE711AB619984BAB7BC8DFC031CF15485FF88057342FB7E88008BA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 00401587
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                        • Part of subcall function 0040A031: _strlen.LIBCMT ref: 0040A042
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap_malloc_strlen
                                                                                                                                                                                                      • String ID: bin$javaw.exe$windowslauncher.exe
                                                                                                                                                                                                      • API String ID: 188689777-2968423492
                                                                                                                                                                                                      • Opcode ID: 96c5ad4d50d7c22f958257bb5f958a29ca7bbfe90b328adff7c771a5c5e82a5a
                                                                                                                                                                                                      • Instruction ID: 2d0b57b188531bb5e9f88d50334f679f9dbd1b6eaf88e3228f80eb8f1005d52f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96c5ad4d50d7c22f958257bb5f958a29ca7bbfe90b328adff7c771a5c5e82a5a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9E0D83298530429CA203B676C02D4F7B989EC9764F04103FFC84B2292EA3C5955817F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,00426C51), ref: 0042B92B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0042B93B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                                                                                      • Opcode ID: 885622150f55d22fc9f355355e98a2f699fa3d88b24402572232f11bc1b49a76
                                                                                                                                                                                                      • Instruction ID: 8bd415c5ad23b2de3ba96646486877d1db170ca7a010bd8724c3a38ddf506262
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 885622150f55d22fc9f355355e98a2f699fa3d88b24402572232f11bc1b49a76
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AC012A0744310A5E91017712C097161228EF04B52F512026F12EE0190CF68C004A06D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042976D
                                                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 004297A1
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,004237F1,?,?,00000002), ref: 004297D2
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,004237F1,?,?,00000002), ref: 00429840
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                                                      • Opcode ID: 2c404052e25db053ec66685c7f75331e0ec84db2c52f747ea9e0e5317559ec9d
                                                                                                                                                                                                      • Instruction ID: 331ecfa72669536f8e5636827a93230fa0c9f08b5c338aa035e0eeb1d96ca4c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c404052e25db053ec66685c7f75331e0ec84db2c52f747ea9e0e5317559ec9d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC31E531B20266EFDF10EFA4E8849AA7BA4FF41311F5445AAE4608B291D734DD40DB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0042174D: __getptd_noexit.LIBCMT ref: 0042174E
                                                                                                                                                                                                        • Part of subcall function 0042174D: __amsg_exit.LIBCMT ref: 0042175B
                                                                                                                                                                                                      • __amsg_exit.LIBCMT ref: 0042211E
                                                                                                                                                                                                      • __lock.LIBCMT ref: 0042212E
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0042214B
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(009C1368), ref: 00422176
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2880340415-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$_malloc_mbstowcs_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1108623015-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0041398F
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\math\rand_prime.c$N != NULL
                                                                                                                                                                                                      • API String ID: 3503205528-3954840645
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040E83C
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • in != NULL, xrefs: 0040E7EE
                                                                                                                                                                                                      • .\src\pk\asn1\der\sequence\der_decode_sequence_multi.c, xrefs: 0040E7E9
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __calloc_impl_calloc_fprintf_raise
                                                                                                                                                                                                      • String ID: .\src\pk\asn1\der\sequence\der_decode_sequence_multi.c$in != NULL
                                                                                                                                                                                                      • API String ID: 3013856310-3123648795
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen
                                                                                                                                                                                                      • String ID: .plugin
                                                                                                                                                                                                      • API String ID: 4218353326-1514281864
                                                                                                                                                                                                      • Opcode ID: 6c6df0989dc4cb6c60fa71456fda2fd3ca4567183cb71a9768836d63861675c3
                                                                                                                                                                                                      • Instruction ID: d54684055f6ffbbfd0b007cef84485750a736601d7666ca9d2e3cc252daa6274
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c6df0989dc4cb6c60fa71456fda2fd3ca4567183cb71a9768836d63861675c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0F0623790931016E62021761C469AB55A9CEC13B9B2A463FFD64E72C2ED3ECC6241EF
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0041A324: __fsopen.LIBCMT ref: 0041A32E
                                                                                                                                                                                                      • __fread_nolock.LIBCMT ref: 00401A3C
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 00401A51
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Extractor] *************************** Unable to open destination file for copy %s, xrefs: 00401A1E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$__fread_nolock__fsopen_fprintf_fwrite_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Extractor] *************************** Unable to open destination file for copy %s
                                                                                                                                                                                                      • API String ID: 353365069-4233714273
                                                                                                                                                                                                      • Opcode ID: a4db1918520273b07c9197f87b162f041a4ae12318d6f71c80df0deb6ff0c4df
                                                                                                                                                                                                      • Instruction ID: 72caedf434c6ecba267513985ce1099d31a2c5c590767312163642a793ce548a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4db1918520273b07c9197f87b162f041a4ae12318d6f71c80df0deb6ff0c4df
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6F0F9327052047AFB156A969C42FDE3B69CB40764F20403BFA04341D1FB7A8E5156DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 004082DB
                                                                                                                                                                                                        • Part of subcall function 0041C794: __calloc_impl.LIBCMT ref: 0041C7A7
                                                                                                                                                                                                        • Part of subcall function 00406EE3: EnterCriticalSection.KERNEL32(0000C800,00000000,00000000,0000C800,00409288,?,0000C800), ref: 00406EEC
                                                                                                                                                                                                        • Part of subcall function 00406EE3: _printf.LIBCMT ref: 00406F15
                                                                                                                                                                                                        • Part of subcall function 00406EE3: SetEvent.KERNEL32(?), ref: 00406F20
                                                                                                                                                                                                        • Part of subcall function 00406EE3: LeaveCriticalSection.KERNEL32(0000C800), ref: 00406F27
                                                                                                                                                                                                        • Part of subcall function 00406EE3: _printf.LIBCMT ref: 00406F3E
                                                                                                                                                                                                      • _fwrite.LIBCMT ref: 004082F9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Streamer] [FileSaver] Starting..., xrefs: 004082BC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf$CriticalSectionTimetime$EnterEventLeave__calloc_impl_calloc_fprintf_fwrite_vfprintf
                                                                                                                                                                                                      • String ID: [Streamer] [FileSaver] Starting...
                                                                                                                                                                                                      • API String ID: 3052885186-2245300238
                                                                                                                                                                                                      • Opcode ID: f1a311dd9e7ce6de22eedd6ab46dad6a2fe71365cb3649962ac3b66e9248d1f7
                                                                                                                                                                                                      • Instruction ID: e36d17df3185c40f853fe781e4f5f96ac5c685b4050d3efbc04e5b8f85e8c9bd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1a311dd9e7ce6de22eedd6ab46dad6a2fe71365cb3649962ac3b66e9248d1f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A01AC765043006FE300BF2ADD42A5B77D8EF85314F10453FF854962C2D779D9648AEA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT ref: 0040120E
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,0040145F), ref: 0040189D
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetProcAddress.KERNEL32(00000000), ref: 004018A4
                                                                                                                                                                                                        • Part of subcall function 0040188A: GetCurrentProcess.KERNEL32(00000000,?,?,?,0040145F), ref: 004018B4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressCurrentHandleModuleProcProcess_strlen
                                                                                                                                                                                                      • String ID: lin$mac
                                                                                                                                                                                                      • API String ID: 3974059861-528573519
                                                                                                                                                                                                      • Opcode ID: 4dafd7160668014f958e08481a3525c6a088f50d868d95fecac5739ddaf402e1
                                                                                                                                                                                                      • Instruction ID: 5c2b0839cd1f1a32cf4eb0520bd758444f57ad52ca81a1cb112e752aad2cf4bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dafd7160668014f958e08481a3525c6a088f50d868d95fecac5739ddaf402e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24F01C3A74E71138BE19B1721E12EAF02888C16759B2850BFFC00F01E5FF6CC942109D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _calloc.LIBCMT ref: 0040D891
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                        • Part of subcall function 00413B3C: _malloc.LIBCMT ref: 00413B43
                                                                                                                                                                                                        • Part of subcall function 00418D4A: __lock.LIBCMT ref: 00418D68
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_find_block.LIBCMT ref: 00418D73
                                                                                                                                                                                                        • Part of subcall function 00418D4A: ___sbh_free_block.LIBCMT ref: 00418D82
                                                                                                                                                                                                        • Part of subcall function 00418D4A: RtlFreeHeap.NTDLL(00000000,?,00445DA0,0000000C,0042173E,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D), ref: 00418DB2
                                                                                                                                                                                                        • Part of subcall function 00418D4A: GetLastError.KERNEL32(?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?,00000000,?,0041C8EB,?,00418F33), ref: 00418DC3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block__lock_calloc_fprintf_malloc_raise
                                                                                                                                                                                                      • String ID: .\src\math\ltm_desc.c$a != NULL
                                                                                                                                                                                                      • API String ID: 2122518419-364139164
                                                                                                                                                                                                      • Opcode ID: a40957954a75d934805c30ce5fb235098d8d790230e4e7c0527e5667bc4ba6fa
                                                                                                                                                                                                      • Instruction ID: 15ead87ffeef37acfa8ca0b2b376cd9339a4e4d4e33777ed88e74a9de2c27e4c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a40957954a75d934805c30ce5fb235098d8d790230e4e7c0527e5667bc4ba6fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57F082B3F4031117DA1475E97C02B4B62444B90755F08083BF914AB3C5F979E9984699
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _printf
                                                                                                                                                                                                      • String ID: ERROR - signature verification failed.$mixed
                                                                                                                                                                                                      • API String ID: 723836530-859903598
                                                                                                                                                                                                      • Opcode ID: 1f12e670b9b4842d051388f69f0c7be4fb1b251a992e7bc261902c1fbe9d5c9b
                                                                                                                                                                                                      • Instruction ID: 23c6e49e8193b3517c2887e6fca41c925b432c74ed30ce1eb5e7f1c255b1653e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f12e670b9b4842d051388f69f0c7be4fb1b251a992e7bc261902c1fbe9d5c9b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0EC72A04305BBDF059FA1DD03F9F37A89B04754F10013AB608F60D1DA74DA44961C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDriveTypeA.KERNEL32(00000000,?,0041B5B3,00000000,00001388,00000007,00000007,?,0041B6F8,00000000,?,?,00445EC8,0000000C,00403836,00000000), ref: 0041B58B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DriveType
                                                                                                                                                                                                      • String ID: :$\
                                                                                                                                                                                                      • API String ID: 338552980-1166558509
                                                                                                                                                                                                      • Opcode ID: d6d7e1f24e12fd34c12a36e7d499a083faa993705be473d68e58d0c427557568
                                                                                                                                                                                                      • Instruction ID: 55f16a9a3d86b55c86a8ed4590f11747c1a37b8a78e9f7f594dd68fb5f123464
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6d7e1f24e12fd34c12a36e7d499a083faa993705be473d68e58d0c427557568
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABE01A30308288A9EF518BA9984479B3B8DCB11788F04C066F95CCE241E265D69683EA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM(?,?,?,?,?,?,00406333,[HttpDownloader] [Direct] +++ Start +++), ref: 0040A145
                                                                                                                                                                                                        • Part of subcall function 0040A137: _fprintf.LIBCMT ref: 0040A17B
                                                                                                                                                                                                        • Part of subcall function 0040A137: _vfprintf.LIBCMT ref: 0040A18D
                                                                                                                                                                                                        • Part of subcall function 0040A137: _printf.LIBCMT ref: 0040A1A5
                                                                                                                                                                                                        • Part of subcall function 0040A137: timeGetTime.WINMM ref: 0040A1D5
                                                                                                                                                                                                      • _malloc.LIBCMT ref: 004073D8
                                                                                                                                                                                                        • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
                                                                                                                                                                                                        • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
                                                                                                                                                                                                        • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
                                                                                                                                                                                                      • _memset.LIBCMT ref: 004073E4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Spawner] Creating spawner, xrefs: 004073C7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timetime$AllocateHeap_fprintf_malloc_memset_printf_vfprintf
                                                                                                                                                                                                      • String ID: [Spawner] Creating spawner
                                                                                                                                                                                                      • API String ID: 2675987023-1132630058
                                                                                                                                                                                                      • Opcode ID: e014ae08a91d58e236fbae882efb510cd8a505b928ce54c5371c1a975d75ce91
                                                                                                                                                                                                      • Instruction ID: cef3502ff29d8bf5490c4e1b0cb8811457c147019cb445228fc25cd3745db109
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e014ae08a91d58e236fbae882efb510cd8a505b928ce54c5371c1a975d75ce91
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48D0C9A7B4216035E115212ABC4BFEB0659CBC277AF24003FF508EA5C1AE8C2C5511BE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT ref: 00413799
                                                                                                                                                                                                        • Part of subcall function 0040E710: _fprintf.LIBCMT ref: 0040E72D
                                                                                                                                                                                                        • Part of subcall function 0040E710: _raise.LIBCMT ref: 0040E734
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fprintf_memset_raise
                                                                                                                                                                                                      • String ID: .\src\misc\zeromem.c$out != ((void *)0)
                                                                                                                                                                                                      • API String ID: 166575211-2980888175
                                                                                                                                                                                                      • Opcode ID: 70919b9c61e3dbbccce24f168e127da545aa81ec0885a926da2ca2eb8da16708
                                                                                                                                                                                                      • Instruction ID: e106766d95341ca42adb9d2cd9579721329cd51442de2e2fbb60abe2d92b3c93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70919b9c61e3dbbccce24f168e127da545aa81ec0885a926da2ca2eb8da16708
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AD05EB5B8132066E6612D167C83F9B33481B95B59F14446AF858763C2D2A89D90419E
                                                                                                                                                                                                      Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00401555: __ftime64_s.LIBCMT ref: 00401562
• _malloc.LIBCMT ref: 00402CDC
  • Part of subcall function 00418E27: __FF_MSGBANNER.LIBCMT ref: 00418E4A
  • Part of subcall function 00418E27: __NMSG_WRITE.LIBCMT ref: 00418E51
  • Part of subcall function 00418E27: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00423108,?,00000001,?,0041F8DE,00000018,004460C8,0000000C,0041F96D,?), ref: 00418E9F
• _swprintf.LIBCMT ref: 00402CEC
  • Part of subcall function 00419B68: __vsprintf_s_l.LIBCMT ref: 00419B7B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
• API ID: AllocateHeap__ftime64_s__vsprintf_s_l_malloc_swprintf
• String ID: %lu
• API String ID: 3111966513-685833217
• Opcode ID: 8575f559d6b943f8ea2caae05e6cd0f3c419e005d53fb21e5bd8ab27f5c911b4
• Instruction ID: 9f886ca2bdddb40e3c8b238f363f730147434e409d14478c5731673b58a8bc1e
• Opcode Fuzzy Hash: 8575f559d6b943f8ea2caae05e6cd0f3c419e005d53fb21e5bd8ab27f5c911b4
• Instruction Fuzzy Hash: 2FC01252B8066031D510316E3C0FEEF464D8BC2FA6F05006BF601EF181F95D9D5241AD
Uniqueness

Uniqueness Score: -1.00%

APIs
• _fprintf.LIBCMT ref: 0040E72D
• _raise.LIBCMT ref: 0040E734
  • Part of subcall function 0041EC44: __getptd_noexit.LIBCMT ref: 0041EC77
Strings
• LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 0040E71F
Memory Dump Source
• Source File: 00000000.00000002.2617451740.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2617343545.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617618805.0000000000438000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617730763.000000000044B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617904587.000000000045A000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
• API ID: __getptd_noexit_fprintf_raise
• String ID: LTC_ARGCHK '%s' failure on line %d of file %s
• API String ID: 654286549-2823265812
• Opcode ID: 124215d40ea952a8092fb445f16259815ab3bdac94d3c3ef3ff5fc04b18ef233
• Instruction ID: 2fa3bd22063ac74130097993a9ec08b7f4db02910b6e2c9455677d0672a3ced2
• Opcode Fuzzy Hash: 124215d40ea952a8092fb445f16259815ab3bdac94d3c3ef3ff5fc04b18ef233
• Instruction Fuzzy Hash: 2BD0C9F96843017BF604B752CC87E7FA269ABC4B54F94980EB94942281E978EC40956A
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 1.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 1066
Total number of Limit Nodes: 75
75248->75268 75251 6cf02967 75249->75251 75252 6cf01d6a 75249->75252 75250 6cf0b8b6 75250->75268 75305 6cf0ba14 97 API calls 2 library calls 75250->75305 75264 6cf01dd1 _vwprintf_helper 75251->75264 75304 6cf028f9 82 API calls __freeptd 75251->75304 75301 6cf00341 TlsGetValue DecodePointer TlsSetValue 75252->75301 75260 6cf27452 75254->75260 75308 6cf17ac7 _initterm _initterm 75255->75308 75256 6cf01d6f TlsGetValue 75267 6cf01d83 75256->75267 75313 6cf76d78 78 API calls __wstat32 75260->75313 75262 6cf0b8c3 75262->75268 75298 6cf0b351 84 API calls ___wcserror 75262->75298 75263 6cf17b53 75263->75260 75265 6cf17b5c 75263->75265 75264->75241 75309 6cf17b6d 81 API calls 75265->75309 75267->75264 75271 6cf01d87 75267->75271 75310 6cf76d78 78 API calls __wstat32 75268->75310 75311 6cf766ba HeapDestroy 75268->75311 75312 6cf4c335 81 API calls __wstat32 75268->75312 75270 6cf27457 75314 6cf4c335 81 API calls __wstat32 75270->75314 75302 6cf01e1c 77 API calls ___wcserror 75271->75302 75277 6cf0b8d0 75277->75268 75299 6cf0b502 82 API calls 2 library calls 75277->75299 75278 6cf2745c 75315 6cf766ba HeapDestroy 75278->75315 75279 6cf01d93 75279->75268 75282 6cf01d9f DecodePointer 75279->75282 75286 6cf01db4 75282->75286 75283 6cf0b8dd GetCommandLineA GetCommandLineW 75300 6cf0b8a6 _setmbcp 75283->75300 75284 6cf27461 75290 6cf0014e __wstat32 77 API calls 75284->75290 75286->75284 75288 6cf01dbc 75286->75288 75287 6cf0b8fd 75306 6cf0b925 77 API calls 5 library calls 75287->75306 75303 6cf01e9b 77 API calls 4 library calls 75288->75303 75290->75268 75292 6cf0b902 75292->75268 75307 6cf0c427 89 API calls shared_ptr 75292->75307 75293 6cf01dc3 GetCurrentThreadId 75293->75264 75295 6cf0b911 75295->75248 75295->75268 75296->75242 75297->75250 75298->75277 75299->75283 75300->75287 75301->75256 75302->75279 75303->75293 75304->75264 75305->75262 75306->75292 75307->75295 75308->75263 75309->75268 75310->75268 75311->75268 75312->75268 75313->75270 75314->75278 75315->75284 75316 
6cf0a864 75317 6cf0a870 _vwprintf_helper 75316->75317 75318 6cf28bc3 75317->75318 75319 6cf0a886 75317->75319 75347 6cf00815 77 API calls ___wcserror 75318->75347 75321 6cf28bd3 75319->75321 75323 6cf0a48d _vwprintf_helper 78 API calls 75319->75323 75322 6cf28bc8 75348 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 75322->75348 75324 6cf0a896 75323->75324 75330 6cf0a80f 75324->75330 75329 6cf0a8b1 _vwprintf_helper 75331 6cf0a824 75330->75331 75332 6cf28b94 75330->75332 75334 6cf0a85a 75331->75334 75336 6cf0a595 __fseeki64_nolock 98 API calls 75331->75336 75376 6cf00815 77 API calls ___wcserror 75332->75376 75346 6cf0a8dc LeaveCriticalSection LeaveCriticalSection __fseeki64 75334->75346 75335 6cf28b99 75377 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 75335->75377 75337 6cf0a830 75336->75337 75349 6cf0a7de 75337->75349 75341 6cf0a4ca __fseeki64_nolock 77 API calls 75342 6cf0a83e 75341->75342 75353 6cf0a72b 75342->75353 75344 6cf0a844 75344->75334 75345 6cf0014e __wstat32 77 API calls 75344->75345 75345->75334 75346->75329 75347->75322 75348->75321 75350 6cf0a7fa 75349->75350 75351 6cf0a7ee 75349->75351 75350->75341 75351->75350 75352 6cf0014e __wstat32 77 API calls 75351->75352 75352->75350 75354 6cf0a737 _vwprintf_helper 75353->75354 75355 6cf0a743 75354->75355 75356 6cf2f4d6 75354->75356 75357 6cf0a7d4 75355->75357 75362 6cf0a777 75355->75362 75396 6cf0aaae 77 API calls ___wcserror 75356->75396 75395 6cf0aaae 77 API calls ___wcserror 75357->75395 75360 6cf2f4db 75397 6cf00815 77 API calls ___wcserror 75360->75397 75361 6cf0a7d9 75398 6cf00815 77 API calls ___wcserror 75361->75398 75399 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 75361->75399 75364 6cf0a4df __read 79 API calls 75362->75364 75365 6cf0a77d 75364->75365 75367 6cf2f506 75365->75367 75368 6cf0a78f 75365->75368 75400 6cf00815 77 API calls ___wcserror 75367->75400 75378 6cf0a6ba 75368->75378 75373 6cf2f50b 75375 6cf0a7a5 _vwprintf_helper 75375->75344 75376->75335 
75377->75334 75401 6cf0a675 75378->75401 75380 6cf0a6ca 75386 6cf0a675 __futime32 77 API calls 75380->75386 75392 6cf0a6e7 75380->75392 75393 6cf0a6fd 75380->75393 75382 6cf0a675 __futime32 77 API calls 75384 6cf0a6ed FindCloseChangeNotification 75382->75384 75383 6cf0a705 75385 6cf0a725 75383->75385 75415 6cf0aabf 77 API calls 3 library calls 75383->75415 75388 6cf2f4ba GetLastError 75384->75388 75384->75393 75394 6cf0a7cc LeaveCriticalSection __wsopen_helper 75385->75394 75387 6cf15ac7 75386->75387 75390 6cf0a675 __futime32 77 API calls 75387->75390 75388->75393 75390->75392 75391 6cf2f4cd 75392->75382 75392->75393 75414 6cf0a5fd 78 API calls 2 library calls 75393->75414 75394->75375 75395->75361 75396->75360 75397->75361 75398->75361 75399->75361 75400->75373 75402 6cf0a686 75401->75402 75403 6cf3040f 75401->75403 75408 6cf0a6ab 75402->75408 75416 6cf0aaae 77 API calls ___wcserror 75402->75416 75417 6cf0aaae 77 API calls ___wcserror 75403->75417 75405 6cf30414 75418 6cf00815 77 API calls ___wcserror 75405->75418 75408->75380 75409 6cf0a6b5 75419 6cf00815 77 API calls ___wcserror 75409->75419 75410 6cf3041c 75410->75380 75412 6cf3042f 75420 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 75412->75420 75414->75383 75415->75391 75416->75409 75417->75405 75418->75410 75419->75412 75420->75410 75421 6cf12c24 fread_s 75836 6cf0b1c6 75837 6cf0b1d2 _vwprintf_helper 75836->75837 75838 6cf0072b _strtok 77 API calls 75837->75838 75839 6cf0b1db 75838->75839 75867 6cf0b22c 75839->75867 75841 6cf0b1e5 75878 6cf0b180 75841->75878 75844 6cf0b1fc _vwprintf_helper 75845 6cf00b31 _find 77 API calls 75846 6cf0c12b 75845->75846 75846->75844 75885 6cf0c046 75846->75885 75848 6cf0c14e 75849 6cf15cf6 75848->75849 75850 6cf0c15b InterlockedDecrement 75848->75850 75849->75844 75854 6cf2a9fa 75849->75854 75857 6cf0014e __wstat32 77 API calls 75849->75857 75851 6cf0c179 InterlockedIncrement 75850->75851 75852 6cf0c16b 75850->75852 75851->75844 75853 6cf0c18f 75851->75853 
75852->75851 75856 6cf0014e __wstat32 77 API calls 75852->75856 75853->75844 75858 6cf00910 __cgetws_s 77 API calls 75853->75858 75897 6cf00815 77 API calls ___wcserror 75854->75897 75859 6cf2a9e6 75856->75859 75857->75854 75861 6cf0c1a3 InterlockedDecrement 75858->75861 75859->75851 75862 6cf0c223 InterlockedIncrement 75861->75862 75863 6cf15cda 75861->75863 75896 6cf0c23d LeaveCriticalSection _getenv_s 75862->75896 75863->75862 75865 6cf0014e __wstat32 77 API calls 75863->75865 75866 6cf15cf0 75865->75866 75866->75862 75868 6cf0b238 _vwprintf_helper 75867->75868 75869 6cf0072b _strtok 75 API calls 75868->75869 75871 6cf0b23d 75869->75871 75870 6cf00910 __cgetws_s 75 API calls 75870->75871 75871->75870 75872 6cf0d005 InterlockedIncrement 75871->75872 75873 6cf0cfee InterlockedDecrement 75871->75873 75876 6cf0b27f _vwprintf_helper 75871->75876 75877 6cf0014e __wstat32 75 API calls 75871->75877 75898 6cf0b2a4 LeaveCriticalSection _getenv_s 75871->75898 75899 6cf4bf5b 77 API calls 3 library calls 75871->75899 75872->75871 75873->75871 75873->75872 75876->75841 75877->75871 75900 6cf00741 75878->75900 75881 6cf0b1a3 75883 6cf0c3ef GetACP 75881->75883 75884 6cf0b1ac 75881->75884 75882 6cf2a896 GetOEMCP 75882->75884 75883->75884 75884->75844 75884->75845 75886 6cf0b180 79 API calls 75885->75886 75888 6cf0c066 75886->75888 75887 6cf17761 75887->75848 75888->75887 75889 6cf0c0ab IsValidCodePage 75888->75889 75893 6cf0c0d0 _memset 75888->75893 75895 6cf0c110 75888->75895 75890 6cf0c0bd GetCPInfo 75889->75890 75889->75895 75890->75893 75890->75895 75891 6cf00807 __futime32 5 API calls 75892 6cf0c11f 75891->75892 75892->75848 75893->75895 75909 6cf0b7a4 GetCPInfo 75893->75909 75895->75887 75895->75891 75896->75844 75897->75844 75898->75871 75901 6cf00765 75900->75901 75907 6cf00754 75900->75907 75902 6cf0072b _strtok 77 API calls 75901->75902 75903 6cf0076a 75902->75903 75904 6cf00786 75903->75904 75908 6cf05258 77 API calls 6 library calls 75903->75908 75906 6cf0b22c 
__get_current_locale 77 API calls 75904->75906 75904->75907 75906->75907 75907->75881 75907->75882 75908->75904 75912 6cf0b7d8 _memset 75909->75912 75918 6cf0b78c 75909->75918 75919 6cf06407 75912->75919 75914 6cf00807 __futime32 5 API calls 75916 6cf0b893 75914->75916 75916->75895 75917 6cf062ae __mbctolower_l 83 API calls 75917->75918 75918->75914 75920 6cf00741 __islower_l 77 API calls 75919->75920 75921 6cf0641a 75920->75921 75929 6cf06332 75921->75929 75924 6cf062ae 75925 6cf00741 __islower_l 77 API calls 75924->75925 75926 6cf062c1 75925->75926 75943 6cf06129 75926->75943 75930 6cf06354 MultiByteToWideChar 75929->75930 75931 6cf06381 75929->75931 75930->75931 75941 6cf063ed 75930->75941 75933 6cf00233 __kbhit_nolock 77 API calls 75931->75933 75935 6cf0639a _memset __kbhit_nolock 75931->75935 75932 6cf00807 __futime32 5 API calls 75934 6cf06401 75932->75934 75933->75935 75934->75924 75936 6cf30cf7 75935->75936 75937 6cf063c0 MultiByteToWideChar 75935->75937 75935->75941 75938 6cf063d6 GetStringTypeW 75937->75938 75939 6cf063e7 75937->75939 75938->75939 75942 6cf0610c 77 API calls __wstat32 75939->75942 75941->75932 75942->75941 75944 6cf0614b 75943->75944 75951 6cf06187 __kbhit_nolock 75943->75951 75945 6cf06157 MultiByteToWideChar 75944->75945 75944->75951 75946 6cf06298 75945->75946 75945->75951 75947 6cf00807 __futime32 5 API calls 75946->75947 75949 6cf062ac 75947->75949 75948 6cf00233 77 API calls __kbhit_nolock 75948->75951 75949->75917 75950 6cf30d27 75959 6cf30d46 LCMapStringW 75950->75959 75960 6cf0628f 75950->75960 75951->75946 75951->75948 75951->75950 75952 6cf06251 LCMapStringW 75951->75952 75953 6cf061cc MultiByteToWideChar 75951->75953 75957 6cf06272 WideCharToMultiByte 75951->75957 75951->75960 75952->75951 75954 6cf06289 75952->75954 75955 6cf061e5 LCMapStringW 75953->75955 75953->75960 75961 6cf0610c 77 API calls __wstat32 75954->75961 75955->75951 75955->75960 75957->75954 75959->75960 75962 6cf0610c 77 API calls __wstat32 75960->75962 
75961->75960 75962->75946 75422 331db 75423 33206 75422->75423 75424 33344 fprintf 75423->75424 75425 3335d 75423->75425 75424->75425 75963 6cf53dcc 75966 6cf53cef 75963->75966 75965 6cf53dde 75968 6cf53cfb _vwprintf_helper 75966->75968 75967 6cf53d0e 76024 6cf00815 77 API calls ___wcserror 75967->76024 75968->75967 75970 6cf53d3b 75968->75970 75985 6cf0bbe4 75970->75985 75971 6cf53d13 76025 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 75971->76025 75974 6cf53d40 75975 6cf53d54 75974->75975 75976 6cf53d47 75974->75976 75978 6cf53d7b 75975->75978 75979 6cf53d5b 75975->75979 76026 6cf00815 77 API calls ___wcserror 75976->76026 76002 6cf5378b 75978->76002 76027 6cf00815 77 API calls ___wcserror 75979->76027 75980 6cf53d1e _vwprintf_helper @_EH4_CallFilterFunc@8 75980->75965 75986 6cf0bbf0 _vwprintf_helper 75985->75986 75987 6cf00910 __cgetws_s 77 API calls 75986->75987 76000 6cf0bbfe 75987->76000 75988 6cf0bc8b 76029 6cf0bcbe 75988->76029 75989 6cf28f64 75991 6cf00b31 _find 77 API calls 75989->75991 75993 6cf28f6b 75991->75993 75992 6cf0bcb6 _vwprintf_helper 75992->75974 75993->75988 75994 6cf28f7d InitializeCriticalSectionAndSpinCount 75993->75994 75997 6cf28fb3 EnterCriticalSection 75994->75997 75998 6cf28f9d 75994->75998 75995 6cf0a90b __tempnam 77 API calls 75995->76000 75997->75988 75999 6cf0014e __wstat32 77 API calls 75998->75999 75999->75988 76000->75988 76000->75989 76000->75995 76032 6cf0a9b9 78 API calls __cgetws_s 76000->76032 76033 6cf0efe9 LeaveCriticalSection LeaveCriticalSection _getenv_s 76000->76033 76003 6cf537ad 76002->76003 76004 6cf537c1 76003->76004 76017 6cf537d8 76003->76017 76038 6cf00815 77 API calls ___wcserror 76004->76038 76006 6cf5392b 76008 6cf539c8 76006->76008 76009 6cf539da 76006->76009 76007 6cf537c6 76039 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76007->76039 76044 6cf00815 77 API calls ___wcserror 76008->76044 76035 6cf77a26 76009->76035 76013 6cf539cd 76045 6cf7af7e 11 API calls 
__invalid_parameter_noinfo_noreturn 76013->76045 76014 6cf537d1 76028 6cf53da1 LeaveCriticalSection LeaveCriticalSection __fseeki64 76014->76028 76017->76006 76017->76008 76040 6cf60419 77 API calls __fassign 76017->76040 76018 6cf53943 76018->76008 76041 6cf608c3 86 API calls __mbsnbicmp_l 76018->76041 76020 6cf5396d 76020->76006 76042 6cf608c3 86 API calls __mbsnbicmp_l 76020->76042 76022 6cf5398c 76022->76006 76043 6cf608c3 86 API calls __mbsnbicmp_l 76022->76043 76024->75971 76025->75980 76026->75980 76027->75980 76028->75980 76034 6cf00934 LeaveCriticalSection 76029->76034 76031 6cf0bcc5 76031->75992 76032->76000 76033->76000 76034->76031 76046 6cf77914 76035->76046 76037 6cf77a41 76037->76014 76038->76007 76039->76014 76040->76018 76041->76020 76042->76022 76043->76006 76044->76013 76045->76014 76048 6cf77920 _vwprintf_helper 76046->76048 76047 6cf77933 76168 6cf00815 77 API calls ___wcserror 76047->76168 76048->76047 76050 6cf77969 76048->76050 76057 6cf77114 76050->76057 76051 6cf77938 76169 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76051->76169 76054 6cf77983 76170 6cf779aa LeaveCriticalSection __wsopen_helper 76054->76170 76056 6cf77942 _vwprintf_helper 76056->76037 76058 6cf7713b 76057->76058 76171 6cf0aecc 76058->76171 76061 6cf77157 76062 6cf77196 76061->76062 76074 6cf771f1 76061->76074 76136 6cf773c6 76061->76136 76200 6cf0aaae 77 API calls ___wcserror 76062->76200 76064 6cf77847 _vwprintf_helper 76066 6cf7787e 76064->76066 76067 6cf77869 76064->76067 76065 6cf7719b 76201 6cf00815 77 API calls ___wcserror 76065->76201 76069 6cf77114 __tsopen_nolock 121 API calls 76066->76069 76228 6cf00815 77 API calls ___wcserror 76067->76228 76072 6cf77898 76069->76072 76071 6cf7786e 76229 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76071->76229 76230 6cf778bc LeaveCriticalSection __wsopen_helper 76072->76230 76073 6cf771a5 76202 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76073->76202 76076 6cf77278 76074->76076 76085 
6cf7724b 76074->76085 76203 6cf0aaae 77 API calls ___wcserror 76076->76203 76080 6cf778aa 76084 6cf77879 _vwprintf_helper 76080->76084 76231 6cf00815 77 API calls ___wcserror 76080->76231 76081 6cf7727d 76204 6cf00815 77 API calls ___wcserror 76081->76204 76084->76054 76178 6cf0acee 76085->76178 76086 6cf77287 76205 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76086->76205 76089 6cf771af 76089->76054 76090 6cf77309 76091 6cf77333 CreateFileA 76090->76091 76092 6cf77312 76090->76092 76094 6cf773d0 GetFileType 76091->76094 76095 6cf77360 76091->76095 76206 6cf0aaae 77 API calls ___wcserror 76092->76206 76097 6cf77421 76094->76097 76098 6cf773dd GetLastError 76094->76098 76099 6cf7736e 76095->76099 76100 6cf77399 GetLastError 76095->76100 76096 6cf77317 76207 6cf00815 77 API calls ___wcserror 76096->76207 76213 6cf0b112 78 API calls 2 library calls 76097->76213 76211 6cf0aabf 77 API calls 3 library calls 76098->76211 76099->76100 76103 6cf77374 CreateFileA 76099->76103 76209 6cf0aabf 77 API calls 3 library calls 76100->76209 76103->76094 76103->76100 76105 6cf77321 76208 6cf00815 77 API calls ___wcserror 76105->76208 76106 6cf77406 CloseHandle 76107 6cf773c0 76106->76107 76109 6cf77414 76106->76109 76210 6cf00815 77 API calls ___wcserror 76107->76210 76212 6cf00815 77 API calls ___wcserror 76109->76212 76112 6cf7743f 76114 6cf77655 76112->76114 76115 6cf77495 76112->76115 76120 6cf77504 76112->76120 76116 6cf776f2 76114->76116 76114->76136 76214 6cf113a2 79 API calls 3 library calls 76115->76214 76116->76114 76118 6cf777bd CloseHandle CreateFileA 76116->76118 76116->76136 76121 6cf777ea GetLastError 76118->76121 76118->76136 76119 6cf7749f 76122 6cf774c1 76119->76122 76123 6cf774a8 76119->76123 76120->76114 76129 6cf7765e 76120->76129 76140 6cf775ae 76120->76140 76225 6cf0aabf 77 API calls 3 library calls 76121->76225 76126 6cf0ab09 __tsopen_nolock 87 API calls 76122->76126 76215 6cf0aaae 77 API calls ___wcserror 76123->76215 76130 6cf774d2 76126->76130 
76127 6cf777f6 76226 6cf0a5fd 78 API calls 2 library calls 76127->76226 76128 6cf774ad 76128->76120 76132 6cf774b5 76128->76132 76129->76114 76139 6cf7767b 76129->76139 76144 6cf775d2 76129->76144 76134 6cf774eb 76130->76134 76216 6cf79c3f 101 API calls 6 library calls 76130->76216 76138 6cf0a6ba __tsopen_nolock 80 API calls 76132->76138 76133 6cf77626 76137 6cf0ab09 __tsopen_nolock 87 API calls 76133->76137 76134->76132 76217 6cf113a2 79 API calls 3 library calls 76134->76217 76227 6cf7af2c 10 API calls __call_reportfault 76136->76227 76152 6cf77633 76137->76152 76138->76107 76220 6cf785a6 79 API calls 3 library calls 76139->76220 76140->76114 76140->76133 76140->76144 76146 6cf775fd 76140->76146 76143 6cf77686 76143->76144 76148 6cf77691 76143->76148 76144->76114 76144->76132 76149 6cf0ec6d __tsopen_nolock 98 API calls 76144->76149 76145 6cf776ad 76150 6cf776d6 76145->76150 76151 6cf776bc 76145->76151 76218 6cf785a6 79 API calls 3 library calls 76146->76218 76221 6cf785a6 79 API calls 3 library calls 76148->76221 76149->76144 76153 6cf776f8 76150->76153 76158 6cf776dd 76150->76158 76157 6cf0a6ba __tsopen_nolock 80 API calls 76151->76157 76152->76114 76152->76132 76152->76145 76152->76153 76224 6cf113a2 79 API calls 3 library calls 76153->76224 76154 6cf77608 76154->76144 76160 6cf7760f 76154->76160 76162 6cf776c3 76157->76162 76223 6cf113a2 79 API calls 3 library calls 76158->76223 76219 6cf785a6 79 API calls 3 library calls 76160->76219 76161 6cf7769b 76161->76114 76161->76132 76222 6cf00815 77 API calls ___wcserror 76162->76222 76163 6cf776e7 76163->76116 76163->76132 76167 6cf77619 76167->76132 76167->76133 76168->76051 76169->76056 76170->76056 76172 6cf305d6 76171->76172 76173 6cf0aedc 76171->76173 76232 6cf00815 77 API calls ___wcserror 76172->76232 76173->76061 76175 6cf305db 76233 6cf7af7e 11 API calls __invalid_parameter_noinfo_noreturn 76175->76233 76177 6cf305e6 76177->76061 76179 6cf0acfa _vwprintf_helper 76178->76179 76180 6cf0a90b __tempnam 77 API 
calls 76179->76180 76181 6cf0ad0a 76180->76181 76182 6cf00910 __cgetws_s 77 API calls 76181->76182 76198 6cf0b2d8 76181->76198 76187 6cf0ad1a 76182->76187 76183 6cf0adcf 76234 6cf0ade4 76183->76234 76186 6cf304b1 76238 6cf01e1c 77 API calls ___wcserror 76186->76238 76187->76183 76187->76186 76190 6cf0b2ad 76187->76190 76191 6cf0ad90 EnterCriticalSection 76187->76191 76188 6cf0addb _vwprintf_helper 76188->76090 76192 6cf00910 __cgetws_s 77 API calls 76190->76192 76191->76187 76193 6cf30494 LeaveCriticalSection 76191->76193 76194 6cf0b2b4 76192->76194 76193->76187 76196 6cf0b2c1 InitializeCriticalSectionAndSpinCount 76194->76196 76194->76198 76195 6cf304ba 76195->76183 76197 6cf0a4df __read 79 API calls 76195->76197 76196->76198 76199 6cf3051f 76197->76199 76237 6cf0b2e9 LeaveCriticalSection _getenv_s 76198->76237 76199->76183 76200->76065 76201->76073 76202->76089 76203->76081 76204->76086 76205->76089 76206->76096 76207->76105 76208->76089 76209->76107 76210->76136 76211->76106 76212->76107 76213->76112 76214->76119 76215->76128 76216->76134 76217->76128 76218->76154 76219->76167 76220->76143 76221->76161 76222->76136 76223->76163 76224->76161 76225->76127 76226->76136 76227->76064 76228->76071 76229->76084 76230->76080 76231->76084 76232->76175 76233->76177 76239 6cf00934 LeaveCriticalSection 76234->76239 76236 6cf0adeb 76236->76188 76237->76198 76238->76195 76239->76236 75426 31c59 memset __iob_func 75427 31c90 75426->75427 75428 212d0 memset 75427->75428 75429 31cbc 75428->75429 75429->75429 75430 37d58 75431 37d76 75430->75431 75432 37d66 75430->75432 75434 37d7c memset 75431->75434 75435 37d8a 75431->75435 75432->75431 75433 37d6a malloc 75432->75433 75433->75431 75434->75435 76240 6cf17b0c 76241 6cf17b1d 76240->76241 76243 6cf17998 76240->76243 76244 6cf179a4 _vwprintf_helper 76243->76244 76245 6cf179b8 76244->76245 76246 6cf179ab 76244->76246 76248 6cf00910 __cgetws_s 72 API calls 76245->76248 76276 6cf178ec GetModuleHandleW 76246->76276 76250 6cf179bf 
76248->76250 76249 6cf179b0 76249->76245 76252 6cf1792b ___crtCorExitProcess 2 API calls 76249->76252 76251 6cf17a84 76250->76251 76254 6cf179e8 DecodePointer 76250->76254 76271 6cf17ab0 76251->76271 76255 6cf2740a 76252->76255 76254->76251 76257 6cf17a03 DecodePointer 76254->76257 76255->76245 76264 6cf17a16 76257->76264 76258 6cf17ac1 _vwprintf_helper 76258->76241 76260 6cf17aa7 76262 6cf17980 __kbhit_nolock 3 API calls 76260->76262 76263 6cf17ab0 76262->76263 76265 6cf17ab6 76263->76265 76279 6cf00934 LeaveCriticalSection 76263->76279 76264->76251 76266 6cf17a2d DecodePointer 76264->76266 76269 6cf17a3c DecodePointer DecodePointer 76264->76269 76270 6cf27410 76264->76270 76277 6cf0b377 EncodePointer 76264->76277 76265->76241 76278 6cf0b377 EncodePointer 76266->76278 76269->76264 76269->76270 76272 6cf17ab7 76271->76272 76274 6cf17a90 76271->76274 76280 6cf00934 LeaveCriticalSection 76272->76280 76274->76258 76275 6cf00934 LeaveCriticalSection 76274->76275 76275->76260 76276->76249 76277->76264 76278->76264 76279->76265 76280->76274 76281 37dfd 76282 37e1d 76281->76282 76283 37e07 fwrite 76282->76283 76284 37e2a 76282->76284 76283->76282 76285 37e2f _errno fprintf exit 76283->76285 76286 37e69 76285->76286 76289 38c30 7 API calls 76286->76289 76288 37eca 76289->76288

[Figure: Control-flow Graph; legend: Executed / Not Executed]
APIs
  • Part of subcall function 000212D0: memset.MSVCR100(?,00000000,00000034), ref: 00037DE0
  • Part of subcall function 0002D0A4: getenv.MSVCR100(UNPACK200_FLAGS), ref: 0002D0B2
  • Part of subcall function 0002D0A4: _strdup.MSVCR100(00000000), ref: 0002D0C9
  • Part of subcall function 0002D0A4: strtok.MSVCR100(00000000, ), ref: 0002D0DC
  • Part of subcall function 0002D0A4: strtok.MSVCR100(00000000, ,00000004), ref: 0002D0F6
  • Part of subcall function 0002D0A4: _strdup.MSVCR100(?), ref: 0002D14E
• strchr.MSVCR100(00000001,0000003D,?,00000000), ref: 0002D4A5
• strcmp.MSVCR100(00000002,00000001), ref: 0002D4B3
• strlen.MSVCR100(00000001), ref: 0002D4CA
• strncmp.MSVCR100(00000002,00000001,00000000,00000001), ref: 0002D4D2
• strlen.MSVCR100(00000001), ref: 0002D4F4
• strchr.MSVCR100(vqrVh?,00000000,?,00000000), ref: 0002D50D
• strchr.MSVCR100(HlJ,?), ref: 0002D536
• strchr.MSVCR100(HlJ,00000000,?,00000000), ref: 0002D569
• fprintf.MSVCR100(?,Unpacking from %s to %s,00000000,?,?,00000000), ref: 0002D644
• strcmp.MSVCR100(?,00042484,?,00000000), ref: 0002D656
                                                                                                                                                                                                      • __iob_func.MSVCR100(?,00000000), ref: 0002D66B
                                                                                                                                                                                                      • _fileno.MSVCR100(00000000), ref: 0002D66E
                                                                                                                                                                                                      • strcmp.MSVCR100(?,00042484), ref: 0002D67A
                                                                                                                                                                                                      • __iob_func.MSVCR100 ref: 0002D685
                                                                                                                                                                                                      • __iob_func.MSVCR100 ref: 0002D68D
                                                                                                                                                                                                      • fopen.MSVCR100(?,00042480,?,00000000), ref: 0002D6B3
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Error: Could not open input file: %s,?), ref: 0002D6CD
                                                                                                                                                                                                      • exit.MSVCR100(00000003), ref: 0002D6D8
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Error: %s,00000000), ref: 0002D7E5
                                                                                                                                                                                                      • fclose.MSVCR100(?), ref: 0002D7F7
                                                                                                                                                                                                      • remove.MSVCR100(?), ref: 0002D80E
                                                                                                                                                                                                      • fprintf.MSVCR100(?,unpacker completed with status=%d,00000000), ref: 0002D823
                                                                                                                                                                                                      • strrchr.MSVCR100(?,0000002F,?,00000000), ref: 0002D87C
                                                                                                                                                                                                      • fprintf.MSVCR100(?,%s version %s,?,1.30, 07/05/05), ref: 0002D899
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Unrecognized argument%s: %s, in ${UNPACK200_FLAGS},?,?,00000000), ref: 0002D8C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf$strchr$__iob_funcstrcmp$_strdupstrlenstrtok$_filenoexitfclosefopengetenvmemsetremovestrncmpstrrchr
                                                                                                                                                                                                      • String ID: in ${UNPACK200_FLAGS}$%s version %s$1.30, 07/05/05$Error: %s$Error: Could not open input file: %s$HlJ$Missing option string%s: %s$Unpacking from %s to %s$Unrecognized argument%s: %s$com.sun.java.util.jar.pack.unpack.log.file$com.sun.java.util.jar.pack.unpack.remove.packfile$com.sun.java.util.jar.pack.verbose$garbage after end of pack archive$unpack.deflate.hint$unpacker completed with status=%d$vqrVh?
                                                                                                                                                                                                      • API String ID: 1969405764-3099254033
                                                                                                                                                                                                      • Opcode ID: 5f80bcf8bf9550bd0b4c487775619cff87e041e56dc526c2b9c6d0936a5987b3
                                                                                                                                                                                                      • Instruction ID: deb70e4a956cb5a9afa19b2592339a5f7141c2ca397f9112b1b5d7516d8dd2e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f80bcf8bf9550bd0b4c487775619cff87e041e56dc526c2b9c6d0936a5987b3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72F1CDB1904229DFEF24AFA4FC85AEDBBB4EF15314F14002BF605A6092EB749D45CB64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCR100(?,00000000,0000010D,?), ref: 00036957
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Copy-mode.,00000013,00000000,?,00000013,00000000), ref: 000369C9
                                                                                                                                                                                                      • sprintf.MSVCR100(?,@Corrupted pack file: magic/ver = %08X/%d.%d should be %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d,?,?,?,CAFED00D,00000096,00000007,CAFED00D,000000A0,00000001,CAFED00D,000000AA,00000001,CAFED00D,000000AB), ref: 00036B68
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Copy-mode., xrefs: 000369C1
                                                                                                                                                                                                      • cannot allocate large input buffer for package file, xrefs: 00036E15
                                                                                                                                                                                                      • Format bits for Java 7 must be zero in previous releases, xrefs: 00036BD4
                                                                                                                                                                                                      • bad value count, xrefs: 00036E81
                                                                                                                                                                                                      • EOF reading band headers, xrefs: 0003702C
                                                                                                                                                                                                      • EOF reading archive magic number, xrefs: 0003699F
                                                                                                                                                                                                      • EOF reading fixed input buffer, xrefs: 00036C66
                                                                                                                                                                                                      • High archive option bits are reserved and must be zero, xrefs: 00036BE5
                                                                                                                                                                                                      • @Corrupted pack file: magic/ver = %08X/%d.%d should be %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d, xrefs: 00036B62
                                                                                                                                                                                                      • impossible archive size, xrefs: 00036C83
                                                                                                                                                                                                      • EOF reading archive header, xrefs: 00036FB0
                                                                                                                                                                                                      • too much read-ahead, xrefs: 00036933, 00036C91
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintfmemsetsprintf
                                                                                                                                                                                                      • String ID: @Corrupted pack file: magic/ver = %08X/%d.%d should be %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d$Copy-mode.$EOF reading archive header$EOF reading archive magic number$EOF reading band headers$EOF reading fixed input buffer$Format bits for Java 7 must be zero in previous releases$High archive option bits are reserved and must be zero$bad value count$cannot allocate large input buffer for package file$impossible archive size$too much read-ahead
                                                                                                                                                                                                      • API String ID: 478426862-468648337
                                                                                                                                                                                                      • Opcode ID: 347286764f691b0afa288c9b35ee7ca7c80a542e186d7cdccf2a7bedca2919c4
                                                                                                                                                                                                      • Instruction ID: 6342ce3ee03f2a56faeb7ba3d02c186b2e896aaab53b0059396561cc814a4713
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 347286764f691b0afa288c9b35ee7ca7c80a542e186d7cdccf2a7bedca2919c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF326EB0A00745EFDB25DFB4D891BEEB7E9BF15300F50892EE59A9B242DB316844CB11
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ReadFile.KERNELBASE(?,00000040,?,?,00000000,?,?,?), ref: 6CF0ABCF
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,?), ref: 6CF12A2C
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?), ref: 6CF12A36
                                                                                                                                                                                                      • __doserrno.MSVCR100(?), ref: 6CF2F8FB
                                                                                                                                                                                                      • _errno.MSVCR100(?), ref: 6CF2F903
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?), ref: 6CF2F916
                                                                                                                                                                                                      • _errno.MSVCR100(?,?), ref: 6CF2F91D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?), ref: 6CF2F928
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,?), ref: 6CF2F935
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?), ref: 6CF2F93C
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?), ref: 6CF2F959
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?), ref: 6CF2F964
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(?,?,?,?), ref: 6CF2F97C
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?), ref: 6CF2F98B
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,?), ref: 6CF2F996
                                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 6CF2F9B2
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000040,?,?,?,?,?), ref: 6CF2FBD9
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?), ref: 6CF2FBE6
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000,?,?,?), ref: 6CF2FBED
                                                                                                                                                                                                      • free.MSVCR100(00000040,?,?,?), ref: 6CF2FBFD
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?), ref: 6CF2FCF4
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,?), ref: 6CF2FCFF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __doserrno_errno$ErrorLast_invalid_parameter_noinfo$ByteCharFileMultiReadWide__dosmaperr__lseeki64_nolock_malloc_crtfree
                                                                                                                                                                                                      • String ID: @H
                                                                                                                                                                                                      • API String ID: 2001541387-221476346
                                                                                                                                                                                                      • Opcode ID: edc9e0eb856d3e6dbd3fe353fed582f8aef7cbee21965fce5bcb4d76a966783e
                                                                                                                                                                                                      • Instruction ID: 9f098ac57c1c2c734ab3ec0c41355dcc139573aac745404819a4218564cc8a01
                                                                                                                                                                                                      • Opcode Fuzzy Hash: edc9e0eb856d3e6dbd3fe353fed582f8aef7cbee21965fce5bcb4d76a966783e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD122871A19396DFDB21CFA8C8A07AE7BF0BF02708F24469DD4619BAD1D3788544CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _isatty.MSVCR100(?,?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002), ref: 6CF0EBF3
                                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,?,?,?,00000000,?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE), ref: 6CF0EC24
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF0F105
                                                                                                                                                                                                      • __doserrno.MSVCR100(00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?), ref: 6CF2FD8D
                                                                                                                                                                                                      • _errno.MSVCR100(00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?), ref: 6CF2FD94
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?), ref: 6CF2FD9F
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0), ref: 6CF2FDBA
                                                                                                                                                                                                      • _errno.MSVCR100(?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0), ref: 6CF2FDC2
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0), ref: 6CF2FDCD
                                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 6CF2FDDE
                                                                                                                                                                                                      • _getptd.MSVCR100(?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0), ref: 6CF2FDF8
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002), ref: 6CF2FE16
                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?), ref: 6CF2FE36
                                                                                                                                                                                                      • isleadbyte.MSVCR100(00000000), ref: 6CF2FEA6
                                                                                                                                                                                                      • __fassign.LIBCMT(?,?,00000002), ref: 6CF2FED0
                                                                                                                                                                                                      • __fassign.LIBCMT(?,?,00000001), ref: 6CF2FEF4
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6CF2FF26
                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6CF2FF4F
                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CF2FFA8
                                                                                                                                                                                                      • _putwch_nolock.MSVCR100(?), ref: 6CF3000B
                                                                                                                                                                                                      • _putwch_nolock.MSVCR100(0000000D), ref: 6CF30038
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileWrite$Console__doserrno__fassign_errno_invalid_parameter_noinfo_putwch_nolock$ByteCharErrorLastModeMultiWide__lseeki64_nolock_getptd_isattyisleadbyte
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1737003884-0
                                                                                                                                                                                                      • Opcode ID: 589c6964a82f3a94e51e51563f11b9567eb387b13f8be87ee1ac703543ba8e16
                                                                                                                                                                                                      • Instruction ID: 133a1cbaeecc1e77e5927346802db794a5dd57bbd171a0028c5889e389e94882
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 589c6964a82f3a94e51e51563f11b9567eb387b13f8be87ee1ac703543ba8e16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60128D71B062689FCB608F68CC94BD9B7B4FF06718F0441DAE41AD6E81D7748A84CF92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,00000000), ref: 6CF537C1
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,00000000), ref: 6CF537CC
                                                                                                                                                                                                      • __fassign.LIBCMT(ccs,?,00000003,?,?,00000000), ref: 6CF5393E
                                                                                                                                                                                                      • __fassign.LIBCMT(?,UTF-8,00000005,?,?,00000000), ref: 6CF53968
                                                                                                                                                                                                      • __fassign.LIBCMT(?,UTF-16LE,00000008,?,?,?,?,?,00000000), ref: 6CF53987
                                                                                                                                                                                                      • __fassign.LIBCMT(?,UNICODE,00000007,?,?,?,?,?,?,?,?,00000000), ref: 6CF539A6
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,00000000), ref: 6CF539C8
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,00000000), ref: 6CF539D3
                                                                                                                                                                                                      • __wsopen_s.LIBCMT(?,?,00000109,?,00000180,?,?,00000000), ref: 6CF539EA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fassign$_errno_invalid_parameter_noinfo$__wsopen_s
                                                                                                                                                                                                      • String ID: UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                                                                      • API String ID: 4135599424-3573488595
                                                                                                                                                                                                      • Opcode ID: 2665ee454c4233e41d924f2988ac80fc81f414f4962bad1990322b5f9c475a63
                                                                                                                                                                                                      • Instruction ID: e1d3f0e1c3861d38ab2efee57c279f2ad6857899aaab918d284263d10de34637
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2665ee454c4233e41d924f2988ac80fc81f414f4962bad1990322b5f9c475a63
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D614CF2D4D349AEE7054FAE8400399BBF29B36308FA44169DB54A3D81D3B4C66EC751
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _getptd.MSVCR100(6CF0B210,00000014,6CF0B8AD,000000FD,6CF0B8FD), ref: 6CF0B1D6
                                                                                                                                                                                                        • Part of subcall function 6CF0B22C: _getptd.MSVCR100(6CF0B288,0000000C,6CF0CFE2,?,?,6CF043AA,?), ref: 6CF0B238
                                                                                                                                                                                                        • Part of subcall function 6CF0B22C: _lock.MSVCR100(0000000D), ref: 6CF0B24F
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000220,6CF0B210,00000014,6CF0B8AD,000000FD,6CF0B8FD), ref: 6CF0C126
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF0C161
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 6CF0C183
                                                                                                                                                                                                      • _lock.MSVCR100(0000000D), ref: 6CF0C19E
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32 ref: 6CF0C215
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(00000000), ref: 6CF0C22A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrement_getptd_lock$_malloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4169461591-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000100,00000001,00000000,?,?,?,?,?,?,?), ref: 6CF06178
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6CF061DB
                                                                                                                                                                                                      • LCMapStringW.KERNELBASE(?,?,?,00000000,00000000,00000000), ref: 6CF061F7
                                                                                                                                                                                                      • LCMapStringW.KERNEL32(?,?,?,?,00000000,?), ref: 6CF06261
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 6CF06280
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000), ref: 6CF0628A
                                                                                                                                                                                                      • _freea_s.MSVCR100(?), ref: 6CF06293
                                                                                                                                                                                                      • malloc.MSVCR100(00000008), ref: 6CF30D19
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$String_freea_s$malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1406006131-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(00000008,6CF17A68,00000018,6CF4BF47,00000001,00000001,00000000,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5), ref: 6CF179BA
                                                                                                                                                                                                      • DecodePointer.KERNEL32(6CF17A68,00000018,6CF4BF47,00000001,00000001,00000000,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF179F4
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A09
                                                                                                                                                                                                      • _encoded_null.MSVCR100(?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A20
                                                                                                                                                                                                      • DecodePointer.KERNEL32(-00000004,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A2F
                                                                                                                                                                                                      • _encoded_null.MSVCR100(?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A33
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A42
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5,0000000D), ref: 6CF17A4C
                                                                                                                                                                                                        • Part of subcall function 6CF178EC: GetModuleHandleW.KERNEL32(00000000,6CF179B0,6CF17A68,00000018,6CF4BF47,00000001,00000001,00000000,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001), ref: 6CF178EE
                                                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 6CF27405
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecodePointer$_encoded_null$ExitHandleModuleProcess___crt_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 729311798-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • strlen.MSVCR100(?,?,00000006,?,00000010), ref: 00035726
                                                                                                                                                                                                      • strlen.MSVCR100(.java,00000006,?,00000010), ref: 00035B8F
                                                                                                                                                                                                      • strncat.MSVCR100(00000000,?,?,00000000,00000001,00000001,00000006,?,00000010), ref: 00035BD4
                                                                                                                                                                                                      • strcat.MSVCR100(?,.java), ref: 00035BDE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strlen$strcatstrncat
                                                                                                                                                                                                      • String ID: .java$bad attribute index$bad layout index$too many InnerClasses attrs
                                                                                                                                                                                                      • API String ID: 1206764466-3778718679
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy_s.MSVCR100(?,?,?,?), ref: 6CF12B77
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF28C29
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF28C34
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,?), ref: 6CF28C47
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?,?), ref: 6CF28CA3
                                                                                                                                                                                                      • _read.MSVCR100(00000000,?,?), ref: 6CF28CAA
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,000000FF), ref: 6CF28CD4
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF28CDC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_memset$_fileno_invalid_parameter_noinfo_readmemcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4008029522-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.MSVCR100(6CF108FE,?,?,?,6CF108FE,00000040,?), ref: 6CF0ED27
                                                                                                                                                                                                      • _write.MSVCR100(6CF108FE,FFFF9B4B,00000000,00000000,6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF0ED95
                                                                                                                                                                                                      • __p__iob.MSVCR100(6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF1276F
                                                                                                                                                                                                      • __p__iob.MSVCR100(6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF1277F
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF108FE,00000040,?), ref: 6CF288CD
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF108FE,00000040,?), ref: 6CF288E4
                                                                                                                                                                                                      • _isatty.MSVCR100(6CF108FE,6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF2890B
                                                                                                                                                                                                      • __lseeki64.LIBCMT(6CF108FE,00000000,00000000,00000002,00000000,6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF28928
                                                                                                                                                                                                      • _write.MSVCR100(6CF108FE,00000040,00000001,00000000,6CFA45D0,?,?,?,6CF108FE,00000040,?), ref: 6CF28948
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __p__iob_errno_write$__lseeki64_fileno_isatty
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2198290031-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF0ACE4
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD1D
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD25
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD3B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD46
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD4D
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD55
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD62
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ACC0,00000010,6CF0CDD1,00000000,?,?,?,?,6CF13129,?), ref: 6CF2FD6D
                                                                                                                                                                                                        • Part of subcall function 6CF0A4DF: EnterCriticalSection.KERNEL32(00000108,6CF0A540,0000000C,6CF0ECC3,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?), ref: 6CF0A530
                                                                                                                                                                                                        • Part of subcall function 6CF0AB09: ReadFile.KERNELBASE(?,00000040,?,?,00000000,?,?,?), ref: 6CF0ABCF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __doserrno_errno$CriticalEnterFileReadSection_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 590220429-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?,?,?,?,6CF13129,?), ref: 6CF0CDC5
                                                                                                                                                                                                      • _read.MSVCR100(00000000,?,?,?,?,6CF13129,?), ref: 6CF0CDCC
                                                                                                                                                                                                      • _fileno.MSVCR100(?), ref: 6CF0CDEF
                                                                                                                                                                                                      • _fileno.MSVCR100(?), ref: 6CF0CDFF
                                                                                                                                                                                                      • _fileno.MSVCR100(?), ref: 6CF0CE10
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?), ref: 6CF0CE20
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF13129,?), ref: 6CF2870C
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF13129,?), ref: 6CF28717
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno$_errno_invalid_parameter_noinfo_read
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2022966298-0
                                                                                                                                                                                                      • Opcode ID: b89d3cfd48ceba03cae26c949146ef243fda96cbb98a1fae2f62c259e7f0074a
                                                                                                                                                                                                      • Instruction ID: 456b1b8815bced34a45b00645ccc290ef1fb04e898bc39642d74da9de911bdcb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b89d3cfd48ceba03cae26c949146ef243fda96cbb98a1fae2f62c259e7f0074a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F313932619B048ED3211A69D814BD777E4AF43B78B208A1ED4F986EE0D734E145ABA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6CF00B42,00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7), ref: 6CF00263
                                                                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 6CF2F227
                                                                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 6CF2F22E
                                                                                                                                                                                                      • _callnewh.MSVCR100(00000001,00000001,00000000,00000000,?,6CF00B42,00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001), ref: 6CF2F24D
                                                                                                                                                                                                      • _callnewh.MSVCR100(00000001,00000000,?,6CF00B42,00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF2F270
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,?,6CF00B42,00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5), ref: 6CF2F276
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _callnewh$AllocateHeap_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4160251224-0
                                                                                                                                                                                                      • Opcode ID: 3a2171db17690a558127835a13fc2149cf543815b1f97c727ecb9e246f440200
                                                                                                                                                                                                      • Instruction ID: 8c45614e4068273322520c0916aeea51a4480e6531151175b2d40334bb375968
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a2171db17690a558127835a13fc2149cf543815b1f97c727ecb9e246f440200
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C01F936354795DBF7412EF9EC50B9E3798AF83B5CF105035E11496EC1CFB488459660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?,00000000,00000001), ref: 6CF0B7C5
                                                                                                                                                                                                      • ___crtGetStringTypeA.LIBCMT ref: 6CF0B816
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(00000000,?,00000100,00000020,00000100,?,00000100,?,00000000,00000000,00000001,00000020,00000100,?,?,?), ref: 6CF0B836
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(00000000,?,00000200,00000020,00000100,?,00000100,?,00000000), ref: 6CF0B85B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$__crt$InfoType___crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3423027535-3916222277
                                                                                                                                                                                                      • Opcode ID: 1c35e47dc667e76f91bfa7f4933422567ca6c7c77aacdc3b710cc98578790cb3
                                                                                                                                                                                                      • Instruction ID: cb97ba9f30faf814b7df1298b8c820e72fd78ff450580b31c0e4c73d6b34849f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c35e47dc667e76f91bfa7f4933422567ca6c7c77aacdc3b710cc98578790cb3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 874116B160479C9FDB218F64CC94FEB7BFCEB05708F1448E8E9C686582D2759A469F20
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?,?,?,?,6CF0A795,?,6CF0A7B0,00000010), ref: 6CF0A6C5
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?), ref: 6CF0A6E8
                                                                                                                                                                                                        • Part of subcall function 6CF0A675: __doserrno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF0A6B0
                                                                                                                                                                                                        • Part of subcall function 6CF0A675: _errno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF3042A
                                                                                                                                                                                                        • Part of subcall function 6CF0A675: _invalid_parameter_noinfo.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF30435
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 6CF0A6EF
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(00000002), ref: 6CF15AC2
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(00000001,00000002), ref: 6CF15ACB
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF2F4BA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_osfhandle$ChangeCloseErrorFindLastNotification__doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2334689750-0
                                                                                                                                                                                                      • Opcode ID: 0afc643843f270e91dab62f7850d2ae4149ecc44a1ce53d126bdef16922a339d
                                                                                                                                                                                                      • Instruction ID: 51b7edeafec062cb04eb767a115a2f8696da6e17f4ea65590055650482ffaa1d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0afc643843f270e91dab62f7850d2ae4149ecc44a1ce53d126bdef16922a339d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F118E337651906AC3115278A824BAE36F48FC3F7CF250156E8358BFD0DF65C881A254
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF0EB19
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF302EE
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF302F6
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF3030C
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF30317
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF3031E
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?,?,6CF13911,?,?), ref: 6CF30329
                                                                                                                                                                                                        • Part of subcall function 6CF0A4DF: EnterCriticalSection.KERNEL32(00000108,6CF0A540,0000000C,6CF0ECC3,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?), ref: 6CF0A530
                                                                                                                                                                                                        • Part of subcall function 6CF0EB64: _isatty.MSVCR100(?,?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002), ref: 6CF0EBF3
                                                                                                                                                                                                        • Part of subcall function 6CF0EB64: WriteFile.KERNELBASE(00000000,?,?,?,00000000,?,00000002,?,?,6CF0ECE1,?,?,?,6CF0ED00,00000010,6CF289FE), ref: 6CF0EC24
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __doserrno_errno$CriticalEnterFileSectionWrite_invalid_parameter_noinfo_isatty
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3635451409-0
                                                                                                                                                                                                      • Opcode ID: dfdb387935171b142a50e47a68ad6938645d1cc07fa9d4542bb76a02b01f4f46
                                                                                                                                                                                                      • Instruction ID: ffb7b427cdb028d02a9c2e24987d391b4397eada45a326765d8099a2b1aa4f1b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfdb387935171b142a50e47a68ad6938645d1cc07fa9d4542bb76a02b01f4f46
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E11EB72B01784DFD7118FA8C8A039936A0AF02B2DF215285D4355BAE0DBB98904ABE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_flsbuf_invalid_parameter_noinfomemcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 508512864-0
                                                                                                                                                                                                      • Opcode ID: 7efec1b554ea05a4a6ce1ba3b23343c2239ce6dfadb32a85e6223268b8b2a5f4
                                                                                                                                                                                                      • Instruction ID: 2dbcd09d37ff3c187ac33abefcdb9fa6887ae555a79792f2e0cae5c1df29d455
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7efec1b554ea05a4a6ce1ba3b23343c2239ce6dfadb32a85e6223268b8b2a5f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33411432A09604DBDB148FE9C884A9FBBB5AF92364F30862ED42597E40D771DA458B40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0A7B0,00000010), ref: 6CF0A7D4
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF0A7B0,00000010), ref: 6CF2F4D6
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0A7B0,00000010), ref: 6CF2F4DE
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0A7B0,00000010), ref: 6CF2F4F4
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF0A7B0,00000010), ref: 6CF2F4FF
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0A7B0,00000010), ref: 6CF2F506
                                                                                                                                                                                                        • Part of subcall function 6CF0A4DF: EnterCriticalSection.KERNEL32(00000108,6CF0A540,0000000C,6CF0ECC3,?,6CF0ED00,00000010,6CF289FE,?,00000000,00000002,?,6CFA45D0,?,?), ref: 6CF0A530
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?,?,?,?,6CF0A795,?,6CF0A7B0,00000010), ref: 6CF0A6C5
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?), ref: 6CF0A6E8
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: FindCloseChangeNotification.KERNELBASE(00000000), ref: 6CF0A6EF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__doserrno_get_osfhandle$ChangeCloseCriticalEnterFindNotificationSection_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1516332470-0
                                                                                                                                                                                                      • Opcode ID: 4842ede981c5382d865930e7519c48b119803c414cc5e37f43e4735b81a2b057
                                                                                                                                                                                                      • Instruction ID: 6f51d5018099ec71e8f11280fc2441557e2c5f040f7e88cae981d6d1c91ae011
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4842ede981c5382d865930e7519c48b119803c414cc5e37f43e4735b81a2b057
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC11A072A10755CBE7118FA8C8A03D976F0AF02B2AF118245C4345BFD1CBBC8904AB65
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __freebuf.LIBCMT ref: 6CF0A833
                                                                                                                                                                                                        • Part of subcall function 6CF0A7DE: free.MSVCR100(?,?,?,6CF0A838,?,?), ref: 6CF0A7F5
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?,?), ref: 6CF0A839
                                                                                                                                                                                                      • _close.MSVCR100(00000000,?,?,?), ref: 6CF0A83F
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF28B94
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF28B9F
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _fileno.MSVCR100(?,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5C4
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _write.MSVCR100(00000000,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5CB
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF28BB4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _filenofree$__freebuf_close_errno_invalid_parameter_noinfo_write
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1941134952-0
                                                                                                                                                                                                      • Opcode ID: 2b65d43e1ba4dcb09057f4a54ac959fe51068b1cd5bba50da3f121dbec665baa
                                                                                                                                                                                                      • Instruction ID: 43f2138d9369667d5dff5b47a1bfa2e3a8131787efc01d1007afab1604f19856
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b65d43e1ba4dcb09057f4a54ac959fe51068b1cd5bba50da3f121dbec665baa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4F0F463B02A1456D7101A7A4C1478772E87F86B7AF14871ADD2897EC0EB78D00B67A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fwrite.MSVCR100(?,00000001,?), ref: 00037E10
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 00037E2F
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Error: write on output file failed err=%d,00000000), ref: 00037E42
                                                                                                                                                                                                      • exit.MSVCR100(00000001), ref: 00037E4D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Error: write on output file failed err=%d, xrefs: 00037E3A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errnoexitfprintffwrite
                                                                                                                                                                                                      • String ID: Error: write on output file failed err=%d
                                                                                                                                                                                                      • API String ID: 4066964629-1607065499
                                                                                                                                                                                                      • Opcode ID: ec2e0a99c4605ac3d9863fa787a06213e17fa1067bb73330d543c80bc28cbd8b
                                                                                                                                                                                                      • Instruction ID: dacb332491e475e29265c4ea87aa2703e18d431e3d705c2ea36cd4c986ea0821
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec2e0a99c4605ac3d9863fa787a06213e17fa1067bb73330d543c80bc28cbd8b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C219074914349EBDB10EFA8D905A8EB7B4FF58310F40485DF849D7262E774DA00CB9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,6CF12C08,0000000C), ref: 6CF12BCA
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fread_nolock_s.MSVCR100(?,?,?,?,?,6CF12C08,0000000C), ref: 6CF12BE2
                                                                                                                                                                                                        • Part of subcall function 6CF12ACE: memcpy_s.MSVCR100(?,?,?,?), ref: 6CF12B77
                                                                                                                                                                                                        • Part of subcall function 6CF12726: _unlock_file.MSVCR100(6CF12BF9,6CF12BF9), ref: 6CF12729
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,000000FF,?,?,6CF12C08,0000000C), ref: 6CF28D02
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF12C08,0000000C), ref: 6CF28D0A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF12C08,0000000C), ref: 6CF28D15
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_fread_nolock_s_invalid_parameter_noinfo_lock_lock_file_memset_unlock_filememcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3226975504-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fopen.MSVCR100(?,000435D8), ref: 00037EF8
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Error: Could not open jar file: %s,?), ref: 00037F15
                                                                                                                                                                                                      • exit.MSVCR100(00000003), ref: 00037F20
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Error: Could not open jar file: %s, xrefs: 00037F0D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: exitfopenfprintf
                                                                                                                                                                                                      • String ID: Error: Could not open jar file: %s
                                                                                                                                                                                                      • API String ID: 2493305589-2195489922
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,00000000), ref: 6CF0C0AF
                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,?), ref: 6CF0C0C2
                                                                                                                                                                                                      • _memset.LIBCMT(0000001D,00000000,00000101), ref: 6CF0C0DA
                                                                                                                                                                                                      • _memset.LIBCMT(0000001D,00000000,00000101,00000000,?,00000000), ref: 6CF2A8ED
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$CodeInfoPageValid
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1608968462-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,6CF11378,0000000C), ref: 6CF1133C
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fwrite_nolock.MSVCR100(?,?,?,?,6CF11378,0000000C), ref: 6CF11351
                                                                                                                                                                                                        • Part of subcall function 6CF11257: memcpy.MSVCR100(?,?,?), ref: 6CF112F0
                                                                                                                                                                                                        • Part of subcall function 6CF11394: _unlock_file.MSVCR100(6CF11368,6CF11368), ref: 6CF11397
                                                                                                                                                                                                      • _errno.MSVCR100(6CF11378,0000000C), ref: 6CF28E41
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF11378,0000000C), ref: 6CF28E4C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_fwrite_nolock_invalid_parameter_noinfo_lock_lock_file_unlock_filememcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1711487722-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,?,?,?,?,?,?,6CF0A8C0,0000000C), ref: 6CF0A891
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fclose_nolock.MSVCR100(?,?,?,?,?,?,?,6CF0A8C0,0000000C), ref: 6CF0A89C
                                                                                                                                                                                                        • Part of subcall function 6CF0A80F: __freebuf.LIBCMT ref: 6CF0A833
                                                                                                                                                                                                        • Part of subcall function 6CF0A80F: _fileno.MSVCR100(?,?,?), ref: 6CF0A839
                                                                                                                                                                                                        • Part of subcall function 6CF0A80F: _close.MSVCR100(00000000,?,?,?), ref: 6CF0A83F
                                                                                                                                                                                                        • Part of subcall function 6CF0A8DC: _unlock_file.MSVCR100(?,6CF0A8B1,?,?,?,?,?,?,6CF0A8C0,0000000C), ref: 6CF0A8DD
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,6CF0A8C0,0000000C), ref: 6CF28BC3
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6CF0A8C0,0000000C), ref: 6CF28BCE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __freebuf_close_errno_fclose_nolock_fileno_invalid_parameter_noinfo_lock_lock_file_unlock_file
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1403730806-0
                                                                                                                                                                                                      • Opcode ID: efd455d8bed9eb9dfbaa778252f885320b5a4aee06a0487d28653ffab6642a18
                                                                                                                                                                                                      • Instruction ID: 229218b46631b41899b8ecf0eeab4ea89bf97c7c94a127d8c07dc4a12599b077
                                                                                                                                                                                                      • Opcode Fuzzy Hash: efd455d8bed9eb9dfbaa778252f885320b5a4aee06a0487d28653ffab6642a18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9F06D71E01A05DAE7109FB49820BDE77E07F01B38F2097099434AAAC0CB7C8A07AB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Wrote %lld bytes to: %s,?,?,?), ref: 00033354
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Wrote %lld bytes to: %s, xrefs: 0003334C
                                                                                                                                                                                                      • EOF reading resource file, xrefs: 000332F2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: EOF reading resource file$Wrote %lld bytes to: %s
                                                                                                                                                                                                      • API String ID: 383729395-1301798111
                                                                                                                                                                                                      • Opcode ID: 69f2628e43a2b181f71c51f808f7c01cb58a191dd9e9142c63b0d6acb3b0e0fc
                                                                                                                                                                                                      • Instruction ID: 9de7ea2331260ef9ea1b28af790df144f655e90ed0e58ecb6cd3ebaf50179728
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69f2628e43a2b181f71c51f808f7c01cb58a191dd9e9142c63b0d6acb3b0e0fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E514C71A00705AFCB25DF69D9C1AEEBBF5FF48300F00852EE59A97251DB30AA94DB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __iob_func_errnofread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2593604610-0
                                                                                                                                                                                                      • Opcode ID: 271576615b2d9366d183a500093509a1e246c42e7e6248ead58495427b0aa975
                                                                                                                                                                                                      • Instruction ID: 834d797de5fb46eadd765410839a15ca82ad1f75598b222a230122927eeeaa58
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 271576615b2d9366d183a500093509a1e246c42e7e6248ead58495427b0aa975
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B21FC35A00269AFEF54CF68E94199EB7F5EF08761F1180A9F805E7211D770DE40CB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __iob_func_errnofread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2593604610-0
                                                                                                                                                                                                      • Opcode ID: 68df0c45c9d18f589ab29191c04222e093ac8eea91888f951953845bbad37838
                                                                                                                                                                                                      • Instruction ID: e6950006a76d354b7a5e53491084a311694bc8375a4ebcced8cb157b1f4f3e19
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68df0c45c9d18f589ab29191c04222e093ac8eea91888f951953845bbad37838
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3221F935A00269AFEF54CFA8E94199EB7F9EF08761F1180A9E805E7211D770EE40CB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • malloc.MSVCR100(?), ref: 00037D6B
                                                                                                                                                                                                      • memset.MSVCR100(00000000,00000000,?), ref: 00037D80
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Native allocation failed, xrefs: 00037D8C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: mallocmemset
                                                                                                                                                                                                      • String ID: Native allocation failed
                                                                                                                                                                                                      • API String ID: 2882185209-612108426
                                                                                                                                                                                                      • Opcode ID: 57d9609dc5437f4f04e20c488a0346523087b6c437e454075c275f14ac471a60
                                                                                                                                                                                                      • Instruction ID: 1538ef74c4b3e45b9dba21343214a85719c5e5bfac9a5a37e814ee3bfc196830
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57d9609dc5437f4f04e20c488a0346523087b6c437e454075c275f14ac471a60
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7E0DFB3A0D6A066D27B15293C02FAE92BC8FE6F71F35420AFD1C631C46BA05C4110EA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fflush$fclose
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3607036869-0
                                                                                                                                                                                                      • Opcode ID: 6bb0dcb4fd70a77a8dfb72b0e6c72f0e35d6fa4fc8f2f0012e899e1139dd5398
                                                                                                                                                                                                      • Instruction ID: 2d3b53f6172be7b3cfb5a0d54a7063ee195dd68e006b9d9630fb209174941ef8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bb0dcb4fd70a77a8dfb72b0e6c72f0e35d6fa4fc8f2f0012e899e1139dd5398
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDE022B22082208BEA267B24FD00AAEB7E9AFA4310F14081EF080821A2CF655901878C
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,6CF27602,00000000), ref: 6CF00164
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,?,6CF27602,00000000), ref: 6CF2F289
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,6CF27602,00000000), ref: 6CF2F290
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFreeHeapLast_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1236692823-0
                                                                                                                                                                                                      • Opcode ID: 9cd37cff5b1cc0b55240119b845d0eb060a9b4cf16b9b57939aa3c9da41d20a3
                                                                                                                                                                                                      • Instruction ID: e8b0c5e0132c54339899328603b6bc590f4fe6fcff125e76b5b1f2655a110e5c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cd37cff5b1cc0b55240119b845d0eb060a9b4cf16b9b57939aa3c9da41d20a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1E04F32640288EBDF112EE4A808BDA3BFDAB46755F208014F51886991DB748441E694
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fprintf.MSVCR100(?,Wrote %lld bytes to: %s,?,?,?), ref: 00033354
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Wrote %lld bytes to: %s, xrefs: 0003334C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Wrote %lld bytes to: %s
                                                                                                                                                                                                      • API String ID: 383729395-2358443932
                                                                                                                                                                                                      • Opcode ID: 77f13c6ed29df0a4901acd0891bcdd3601e36a9eb3a229885c7e77bad09aae47
                                                                                                                                                                                                      • Instruction ID: d2f18c2964d69f0a36842d14cc5a680115848ee926856fd556b9367390275fb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77f13c6ed29df0a4901acd0891bcdd3601e36a9eb3a229885c7e77bad09aae47
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E11AC76500605BFCB12CF98CC80CAAFBB9FF49318B104565F54592611D330FAA2EBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5C4
                                                                                                                                                                                                      • _write.MSVCR100(00000000,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5CB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno_write
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3998833763-0
                                                                                                                                                                                                      • Opcode ID: 2f6bcea64356ca0c511bc01c595475931c7e93897cde2b847b9c65a3c18bfef4
                                                                                                                                                                                                      • Instruction ID: ca7ac44045aff1998dc89f80bb529589b86bb107aeb09bbd3e54e38246946ca5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f6bcea64356ca0c511bc01c595475931c7e93897cde2b847b9c65a3c18bfef4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A018B32304B005FE715CA6DC955B63B7EAFF41778F14861EE4A9C3A90D779E4448A50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCR100(?,00000000,00000B20), ref: 00031C65
                                                                                                                                                                                                      • __iob_func.MSVCR100(?,00000000,00000B20), ref: 00031C6D
                                                                                                                                                                                                        • Part of subcall function 000212D0: memset.MSVCR100(?,00000000,00000034), ref: 00037DE0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset$__iob_func
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 170167752-0
                                                                                                                                                                                                      • Opcode ID: 1c285e1ee3da31530d55a4a417d97101e0b9b7ea4f3ca49356f88286bee323f4
                                                                                                                                                                                                      • Instruction ID: 5bfbb2bf481ae2ea11400051d251a2fad04821155877209c022326c7660d4a87
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c285e1ee3da31530d55a4a417d97101e0b9b7ea4f3ca49356f88286bee323f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4018FB16507109BE724AB34E806FC776E4BB58300F00091EF2898B6C3EBB4B4418B98
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _fileno.MSVCR100(?,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5C4
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _write.MSVCR100(00000000,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5CB
                                                                                                                                                                                                      • _fileno.MSVCR100(?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF28C01
                                                                                                                                                                                                      • _commit.MSVCR100(00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF28C07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno$_commit_write
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2701512801-0
                                                                                                                                                                                                      • Opcode ID: 5f7cd8d1636a699d3994c8a7d9bb823eb01c482443689ef8c89edb240072f7fb
                                                                                                                                                                                                      • Instruction ID: 7c73798f4ce2d44d9f12553560788ba34f04aea03be007ebf3248933bce69bcc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f7cd8d1636a699d3994c8a7d9bb823eb01c482443689ef8c89edb240072f7fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBE0D823A5BA256A530511B9B8109CB338C5F02FBA714471BF814EADC0DB28D14570D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,6CF0EF38,0000000C), ref: 6CF0EF0B
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fflush_nolock.MSVCR100(?,6CF0EF38,0000000C), ref: 6CF0EF17
                                                                                                                                                                                                        • Part of subcall function 6CF0EEE7: _unlock_file.MSVCR100(?,6CF0EF2C,6CF0EF38,0000000C), ref: 6CF0EEEA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fflush_nolock_lock_lock_file_unlock_file
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1941776106-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 6CF17988
                                                                                                                                                                                                        • Part of subcall function 6CF1792B: GetModuleHandleW.KERNEL32(mscoree.dll,?,6CF1798D,00000001,?,6CF274B5,000000FF,0000001E,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF17935
                                                                                                                                                                                                        • Part of subcall function 6CF1792B: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CF17945
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 6CF17991
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2427264223-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _unlock.MSVCR100(00000008,6CF17A68,00000018,6CF4BF47,00000001,00000001,00000000,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001,?,6CF01EE5), ref: 6CF17AA2
                                                                                                                                                                                                        • Part of subcall function 6CF00934: LeaveCriticalSection.KERNEL32(?,6CF0A96B,0000000A,6CF0A9B4,?,6CF01EE5,0000000D), ref: 6CF00943
                                                                                                                                                                                                        • Part of subcall function 6CF17980: ___crtCorExitProcess.LIBCMT ref: 6CF17988
                                                                                                                                                                                                        • Part of subcall function 6CF17980: ExitProcess.KERNEL32 ref: 6CF17991
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExitProcess$CriticalLeaveSection___crt_unlock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2090324275-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fread_s.MSVCR100(?,000000FF,?,?,?), ref: 6CF12C37
                                                                                                                                                                                                        • Part of subcall function 6CF12B9B: _lock_file.MSVCR100(?,6CF12C08,0000000C), ref: 6CF12BCA
                                                                                                                                                                                                        • Part of subcall function 6CF12B9B: _fread_nolock_s.MSVCR100(?,?,?,?,?,6CF12C08,0000000C), ref: 6CF12BE2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fread_nolock_s_lock_filefread_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1367803784-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __fsopen.LIBCMT(?,?,00000040), ref: 6CF53DD9
                                                                                                                                                                                                        • Part of subcall function 6CF53CEF: _errno.MSVCR100(6CF53DB0,0000000C), ref: 6CF53D0E
                                                                                                                                                                                                        • Part of subcall function 6CF53CEF: _invalid_parameter_noinfo.MSVCR100(6CF53DB0,0000000C), ref: 6CF53D19
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __fsopen_errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1464600330-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _unlock.MSVCR100(00000008,6CF17A90,6CF17A68,00000018,6CF4BF47,00000001,00000001,00000000,?,6CF4BF78,000000FF,?,6CF27507,00000011,00000001), ref: 6CF17AB9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _unlock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2480363372-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _setmbcp.MSVCR100(000000FD,6CF0B8FD), ref: 6CF0B8A8
                                                                                                                                                                                                        • Part of subcall function 6CF0B1C6: _getptd.MSVCR100(6CF0B210,00000014,6CF0B8AD,000000FD,6CF0B8FD), ref: 6CF0B1D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd_setmbcp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1231748908-0
                                                                                                                                                                                                      • Opcode ID: e63f9b6acd9b0353c5c6c008ad3059788c9d335e77b3f4ea23d2c53fb32400c0
                                                                                                                                                                                                      • Instruction ID: 5a57ae488fd3e7f910c020ee11db18640650c3d28c8008b5df183ffdeea93cfc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e63f9b6acd9b0353c5c6c008ad3059788c9d335e77b3f4ea23d2c53fb32400c0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E90044331D011030D1C55741C5454D31510F414357714F55D030C57DFFF0040C47055
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                                                                      • Opcode ID: 771e0afad61f57c6781a124f36e0ef10770c0742a9331adb8da5baaaa3b5f123
                                                                                                                                                                                                      • Instruction ID: b69b44eedefc3c7210c567c7f392c8cd42baf7ef7931da1dab97639e9cb5df7e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 771e0afad61f57c6781a124f36e0ef10770c0742a9331adb8da5baaaa3b5f123
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DE092767006218BC7709E5DE4C4A5AB3E8DFA0716F24442DE455C3252CB70DC44C651
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                                                                      • Opcode ID: 4d0407b3ecdc154039fd024a364038ef11a6af04a090e670994ba061aaf4d5f7
                                                                                                                                                                                                      • Instruction ID: 309ab5631bfc04d7665e8a273be70d6ff3b94503d5b9fcbabd6e3532eed0c633
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d0407b3ecdc154039fd024a364038ef11a6af04a090e670994ba061aaf4d5f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAD012724146218BE7745E18F949791B3ECDB14363F254C2DE898C2081DB7CCD40C658
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115276285.0000000000021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115257539.0000000000020000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115296330.000000000003B000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000045000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115317849.0000000000047000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115352043.0000000000048000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_20000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                                                                      • Opcode ID: ccc648f684d725fa6ba0ebad1707726d76daec3c4613159576229dd1c4fab53a
                                                                                                                                                                                                      • Instruction ID: 18d813bff865e9bb0dd0c54a2a3500f3808f9e87f05f64d4b3ecc8dc6f0a10d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccc648f684d725fa6ba0ebad1707726d76daec3c4613159576229dd1c4fab53a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48A022B200C220EBCA202F00FC0880CFFA0EB82383BB08008F80F000B0CB3002B0BA00
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateUmsCompletionList,00000000,00000114,00000000,?,?,?,?,6CF3BE65), ref: 6CF4A293
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A29C
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,6CF3BE65), ref: 6CF4A2A2
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,6CF3BE65), ref: 6CF4A2BA
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000,?,?,?,?,6CF3BE65), ref: 6CF4A2C8
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,DequeueUmsCompletionListItems,?,?,?,?,6CF3BE65), ref: 6CF4A2E1
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A2E4
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,6CF3BE65), ref: 6CF4A2EA
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetUmsCompletionListEvent,?,?,?,?,6CF3BE65), ref: 6CF4A30A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A30D
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,ExecuteUmsThread,?,?,?,?,6CF3BE65), ref: 6CF4A327
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A32A
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,UmsThreadYield,?,?,?,?,6CF3BE65), ref: 6CF4A344
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A347
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,DeleteUmsCompletionList,?,?,?,?,6CF3BE65), ref: 6CF4A361
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A364
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentUmsThread,?,?,?,?,6CF3BE65), ref: 6CF4A37E
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A381
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetNextUmsListItem,?,?,?,?,6CF3BE65), ref: 6CF4A39F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A3A2
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,QueryUmsThreadInformation,?,?,?,?,6CF3BE65), ref: 6CF4A3C0
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A3C3
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,SetUmsThreadInformation,?,?,?,?,6CF3BE65), ref: 6CF4A3E1
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A3E4
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,DeleteUmsThreadContext,?,?,?,?,6CF3BE65), ref: 6CF4A402
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A405
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateUmsThreadContext,?,?,?,?,6CF3BE65), ref: 6CF4A423
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A426
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,EnterUmsSchedulingMode,?,?,?,?,6CF3BE65), ref: 6CF4A444
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A447
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateRemoteThreadEx,?,?,?,?,6CF3BE65), ref: 6CF4A465
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A468
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,InitializeProcThreadAttributeList,?,?,?,?,6CF3BE65), ref: 6CF4A486
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A489
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,UpdateProcThreadAttribute,?,?,?,?,6CF3BE65), ref: 6CF4A4A7
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A4AA
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,DeleteProcThreadAttributeList,?,?,?,?,6CF3BE65), ref: 6CF4A4C8
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF4A4CB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressHandleModuleProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThrow
                                                                                                                                                                                                      • String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
                                                                                                                                                                                                      • API String ID: 1483908321-2643937717
                                                                                                                                                                                                      • Opcode ID: 8b220f86795b96fea92e58c3d883c7b1cfb5632509d32d3cad2374e953262b88
                                                                                                                                                                                                      • Instruction ID: e7082a11aeb22e28591689c20261c951d429aa1e97393cf595c0de049088b2fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b220f86795b96fea92e58c3d883c7b1cfb5632509d32d3cad2374e953262b88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C5181B1F11255BAAB58ABF69D64E3F7EFCEB49584340883AE805C2641DE36C841CB24
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcspbrk.LIBCMT(?,6CF177E4), ref: 6CF17CAF
                                                                                                                                                                                                      • _getdrive.MSVCR100 ref: 6CF17CC9
                                                                                                                                                                                                        • Part of subcall function 6CF17BC6: GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,?), ref: 6CF17BF9
                                                                                                                                                                                                      • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6CF17CE0
                                                                                                                                                                                                      • _wcspbrk.LIBCMT(?,./\), ref: 6CF17D01
                                                                                                                                                                                                        • Part of subcall function 6CF17D7A: _errno.MSVCR100(?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D81
                                                                                                                                                                                                        • Part of subcall function 6CF17D7A: _errno.MSVCR100(?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D88
                                                                                                                                                                                                        • Part of subcall function 6CF17D7A: _wfullpath.MSVCR100(?,?,?,?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D99
                                                                                                                                                                                                        • Part of subcall function 6CF17D7A: _errno.MSVCR100 ref: 6CF17DA3
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000), ref: 6CF17D2F
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF17D57
                                                                                                                                                                                                      • __doserrno.MSVCR100 ref: 6CF17D61
                                                                                                                                                                                                      • __doserrno.MSVCR100 ref: 6CF27C88
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF27C8F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF27C9A
                                                                                                                                                                                                      • towlower.MSVCR100(00000000), ref: 6CF27CB7
                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(00000000), ref: 6CF27CC9
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF27CE6
                                                                                                                                                                                                      • ___loctotime64_t.LIBCMT ref: 6CF27D19
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF27D46
                                                                                                                                                                                                        • Part of subcall function 6CF17C47: _wcslen.LIBCMT(00000000,6CF17D43), ref: 6CF17C4A
                                                                                                                                                                                                      • _wsopen_s.MSVCR100(000000FF,?,00000000,00000040,00000000), ref: 6CF27D7C
                                                                                                                                                                                                      • __fstat64i32.LIBCMT(000000FF,?), ref: 6CF27DA0
                                                                                                                                                                                                      • _close.MSVCR100(000000FF,000000FF,?), ref: 6CF27DAD
                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 6CF27F7E
                                                                                                                                                                                                      • ___wdtoxmode.LIBCMT ref: 6CF27F8B
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF27FDD
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF27FE4
                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 6CF27FF0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$Find$Close__doserrno_wcslen_wcspbrkfree$CurrentDirectoryDriveErrorFileFirstLastType___loctotime64_t___wdtoxmode__dosmaperr__fstat64i32_close_getdrive_invalid_parameter_noinfo_wfullpath_wsopen_stowlower
                                                                                                                                                                                                      • String ID: ./\
                                                                                                                                                                                                      • API String ID: 679355030-3176372042
                                                                                                                                                                                                      • Opcode ID: c1b9eb18f7a65e9f58c34f901406d25c0dc165fb39a8263adc634a8be8d2bc41
                                                                                                                                                                                                      • Instruction ID: 9405e09868d8c3a6a67abfa10084a324241e089f2d9fc1d5e0642a2a17653e77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1b9eb18f7a65e9f58c34f901406d25c0dc165fb39a8263adc634a8be8d2bc41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCC165B194552DDEDB209FA5CC44BEAB7F8BF09318F10029BE65CD2A40E7349A84DF64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000002,?,?,00000000), ref: 6CF0862D
                                                                                                                                                                                                      • free.MSVCR100(?,?,?,00000000), ref: 6CF0864E
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF0884F
                                                                                                                                                                                                      • strncpy_s.MSVCR100(00000000,00000000,00000000,-00000001), ref: 6CF08869
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6CF088D4
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000000,00000002,?,?,00000000), ref: 6CF088E3
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001004,00000000,00000000,?,?,00000000), ref: 6CF088FC
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF306D9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale$_calloc_crtfree$strncpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2432546303-0
                                                                                                                                                                                                      • Opcode ID: bb8bd292724496a21c1150deb816c3a12e1b89ff3e6980ba82d59b510cb21223
                                                                                                                                                                                                      • Instruction ID: acb20f3ed593528b08e5aeb189a5e311d685db18b66dc3aaf2ae318bcc9c6595
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb8bd292724496a21c1150deb816c3a12e1b89ff3e6980ba82d59b510cb21223
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D351AE71A0125AAFEB109F658C51BAF3BB8BF04B58F204056E818A2650EF71CD64EF64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00000005,00000002,?,?,6CF084ED,?,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF085CD
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,ACP,?,?,6CF084ED,?,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF128A7
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,OCP,?,?,6CF084ED,?,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF31764
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00000005,00000002,?,?,6CF084ED,?,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF3177D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocalestrcmp
                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                      • API String ID: 3191669094-711371036
                                                                                                                                                                                                      • Opcode ID: 4ba63ed257e5cb54ae3933bbe082e233ce6f5469da82c5dbd51f50de239f504e
                                                                                                                                                                                                      • Instruction ID: b17b798399eef0d25892969332f2fc82888c9ab6a911eadb2e67701bd56a874c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ba63ed257e5cb54ae3933bbe082e233ce6f5469da82c5dbd51f50de239f504e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1101DD3670515AFAEB018A55DC49F5B37B45F4276CF344526E414E1D80EF20C5419684
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsncpy_s.MSVCR100(?,000000FF,?,00000000,?,?,?,?,?,6CF0A184,?,?,?,?,?,?), ref: 6CF0A2D8
                                                                                                                                                                                                      • wcsncpy_s.MSVCR100(?,000000FF,?,?,?,?,?,?,?,6CF0A184,?,?,?,?,?,?), ref: 6CF3126A
                                                                                                                                                                                                      • wcsncpy_s.MSVCR100(?,000000FF,00000000,?,?,?,?,?,?,6CF0A184,?,?,?,?,?,?), ref: 6CF31293
                                                                                                                                                                                                      • wcsncpy_s.MSVCR100(?,000000FF,?,?,?,?,?,?,?,6CF0A184,?,?,?,?,?,?), ref: 6CF312B0
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,6CF0A184,?,?,?,?,?,?,?,?,?), ref: 6CF31319
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,6CF0A184,?,?,?,?,?,?,?,?,?), ref: 6CF31323
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,6CF0A184,?,?,?,?,?,?,?,?,?), ref: 6CF31334
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wcsncpy_s$_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2268458229-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 6CF7C224
                                                                                                                                                                                                      • _crt_debugger_hook.MSVCR100(00000001), ref: 6CF7C231
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CF7C239
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(6CF7C270), ref: 6CF7C244
                                                                                                                                                                                                      • _crt_debugger_hook.MSVCR100(00000001), ref: 6CF7C255
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 6CF7C260
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 6CF7C267
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3369434319-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 6CF7C224
                                                                                                                                                                                                      • _crt_debugger_hook.MSVCR100(00000001), ref: 6CF7C231
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CF7C239
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(6CF7C270), ref: 6CF7C244
                                                                                                                                                                                                      • _crt_debugger_hook.MSVCR100(00000001), ref: 6CF7C255
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 6CF7C260
                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 6CF7C267
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3369434319-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000080,?,?,00000000), ref: 6CF0874C
                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 6CF0879E
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000,?,?,00000000), ref: 6CF087BC
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000,?,?,00000000), ref: 6CF087C5
                                                                                                                                                                                                      • malloc.MSVCR100(00000008,?,?,00000000), ref: 6CF31410
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocale$ByteCharMultiWide_freea_smalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 221122905-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(75918410,?,?,6CF08466,?,0000000A,00000000), ref: 6CF278BE
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(75918410,?,?,6CF08466,?,0000000A,00000000), ref: 6CF278C8
                                                                                                                                                                                                      • _errno.MSVCR100(0000009C,75918410,?,?,6CF08466,?,0000000A,00000000), ref: 6CF278D4
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(0000009C,75918410,?,?,6CF08466,?,0000000A,00000000), ref: 6CF278DE
                                                                                                                                                                                                      • _errno.MSVCR100(0000009C,75918410,?,?,6CF08466,?,0000000A,00000000), ref: 6CF278EA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2819658684-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000354,?,?,6CF4CBA0,?,00000000,-00000002,6CFA5BD0), ref: 6CF4CAB5
                                                                                                                                                                                                        • Part of subcall function 6CF00B31: malloc.MSVCR100(00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF00B3D
                                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?,6CF4CBA0,?,00000000,-00000002,6CFA5BD0), ref: 6CF4CAD2
                                                                                                                                                                                                      • FindFirstFileExW.KERNEL32(-00000002,00000000,00000000,00000000,00000000,?,?,6CF4CBA0,?,00000000,-00000002,6CFA5BD0), ref: 6CF4CAEB
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,?,6CF4CBA0,?,00000000,-00000002,6CFA5BD0), ref: 6CF4CB12
                                                                                                                                                                                                      • FindClose.KERNEL32(?,6CF4CBA0,?,00000000,-00000002,6CFA5BD0), ref: 6CF4CB22
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Find$CloseFile$FirstNext_malloc_crtmalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1203757345-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,00000000,00000000,00000000), ref: 6CF3BCD2
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,00000114), ref: 6CF3BCFB
                                                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 6CF3BD0C
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF3BD20
                                                                                                                                                                                                        • Part of subcall function 6CF380D0: std::exception::exception.LIBCMT(6CF3C166,00000114,?), ref: 6CF380E4
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF3BD2F
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformationEx), ref: 6CF3BD74
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF3BD7B
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF3BD8D
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF3BDA6
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF3BDC3
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation,?,6CFA0C48,00000000), ref: 6CF3BEAE
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 6CF3BEB5
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF3BEC1
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF3BEDA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency::unsupported_os::unsupported_osErrorHandleLastModuleProc$ExceptionInfoSystemThrowVersion_memsetstd::exception::exception
                                                                                                                                                                                                      • String ID: GetLogicalProcessorInformation$GetLogicalProcessorInformationEx$bad allocation$kernel32.dll
                                                                                                                                                                                                      • API String ID: 2475737160-1310109495
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF10ECE
                                                                                                                                                                                                      • _waccess_s.MSVCR100(?,00000000), ref: 6CF10ED8
                                                                                                                                                                                                        • Part of subcall function 6CF023DB: GetFileAttributesW.KERNEL32(?), ref: 6CF023FC
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF10EE5
                                                                                                                                                                                                      • _wdupenv_s.MSVCR100(?,00000000,?), ref: 6CF10F08
                                                                                                                                                                                                        • Part of subcall function 6CF10CD7: _lock.MSVCR100(00000007,6CF10D48,0000000C), ref: 6CF10CE5
                                                                                                                                                                                                      • _wcslen.LIBCMT(?), ref: 6CF10F2D
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,00000000), ref: 6CF10F50
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF10FAA
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000000,00000002,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF10FF3
                                                                                                                                                                                                      • _waccess_s.MSVCR100(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CF1100A
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF1102D
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CF11047
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF11083
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF310BC
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF310C6
                                                                                                                                                                                                      • _wfullpath.MSVCR100(?,?,?), ref: 6CF310DF
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF31105
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,00000000,00000000,00000000,00000000,00000000), ref: 6CF31110
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000002,00000002,?,00000000,00000000,00000000,00000000,00000000), ref: 6CF3111C
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF31137
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,00000000,00000000,00000000), ref: 6CF31152
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,?,?,?,00000000,00000000,00000000), ref: 6CF31162
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000002,00000002,?,?,?,?,00000000,00000000,00000000), ref: 6CF3116E
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF311A7
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF311B2
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF311C4
                                                                                                                                                                                                      • free.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF311E8
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CF311EE
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF31201
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_wcslenfree$_calloc_crt_waccess_swcscpy_s$AttributesFile__invoke_watson_invalid_parameter_noinfo_lock_wdupenv_s_wfullpath
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1320518012-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(00000007,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF16362
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • __tzname.MSVCR100(6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF1636B
                                                                                                                                                                                                      • _get_timezone.MSVCR100(?,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF16377
                                                                                                                                                                                                      • _get_daylight.MSVCR100(6CF16985,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF16389
                                                                                                                                                                                                      • _get_dstbias.MSVCR100(00000008,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF1639B
                                                                                                                                                                                                      • ___lc_codepage_func.MSVCR100(6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF163A9
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D62
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D71
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: __fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D8D
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(6CFA5DE8,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF163F0
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6CFA5DEC,00000000,?,0000003F,00000000,?), ref: 6CF1646E
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(000000FF,00000000,6CFA5E40,000000FF,?,0000003F,00000000,?), ref: 6CF164A1
                                                                                                                                                                                                      • __timezone.MSVCR100 ref: 6CF164C7
                                                                                                                                                                                                      • __daylight.MSVCR100 ref: 6CF164D1
                                                                                                                                                                                                      • __dstbias.MSVCR100 ref: 6CF164DB
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF299C9
                                                                                                                                                                                                      • free.MSVCR100(00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF299E2
                                                                                                                                                                                                      • _strlen.LIBCMT(00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF299E9
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000001,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF299F0
                                                                                                                                                                                                      • _strlen.LIBCMT(00000000,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF29A06
                                                                                                                                                                                                      • strcpy_s.MSVCR100(00000001,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF29A14
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF29A29
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,6CF16508,0000002C,6CF16552,6CF16570,00000008,6CF16985), ref: 6CF29A2F
                                                                                                                                                                                                      • strncpy_s.MSVCR100(?,00000040,00000000,00000003), ref: 6CF29A4A
                                                                                                                                                                                                      • atol.MSVCR100(-00000003), ref: 6CF29A67
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$ByteCharMultiWidefree$CriticalEnterInformationSectionTimeZone___lc_codepage_func__daylight__dstbias__fassign__invoke_watson__timezone__tzname_get_daylight_get_dstbias_get_timezone_lock_malloc_crtatolstrcmpstrcpy_sstrncpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3174396702-0
                                                                                                                                                                                                      • Opcode ID: 0bb180aa4abb65a0568e1ba265fe14490966c7cbcd08999b7c8dc44430be9bd4
                                                                                                                                                                                                      • Instruction ID: f584b3ef929ca3de3636b06233d2f33671065c0ede2eed1dc706fd584610a92e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bb180aa4abb65a0568e1ba265fe14490966c7cbcd08999b7c8dc44430be9bd4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB9192B2D09285DFDB049FE9D880ADDBBF5FF09318B24002AE454EBB50DB7589468F64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CEF12D7
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CEF131B
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000004), ref: 6CF066EF
                                                                                                                                                                                                        • Part of subcall function 6CF00B31: malloc.MSVCR100(00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF00B3D
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000180,00000002,00000004), ref: 6CF066FF
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000180,00000001,00000180,00000002,00000004), ref: 6CF0670A
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6CF06715
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000101,00000001,00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6CF06724
                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?), ref: 6CF06777
                                                                                                                                                                                                      • ___crtGetStringTypeA.LIBCMT ref: 6CF067BB
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(00000000,?,00000100,?,000000FF,?,000000FF,?,00000000), ref: 6CF067EE
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(00000000,?,00000200,?,000000FF,?,000000FF,?,00000000), ref: 6CF0681B
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,000000FE), ref: 6CF06875
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,0000007F,?,?,000000FE), ref: 6CF06884
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,0000007F,?,?,0000007F,?,?,000000FE), ref: 6CF06896
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF068EB
                                                                                                                                                                                                        • Part of subcall function 6CF0014E: RtlFreeHeap.NTDLL(00000000,00000000,?,6CF27602,00000000), ref: 6CF00164
                                                                                                                                                                                                      • free.MSVCR100(?,?), ref: 6CF30A6E
                                                                                                                                                                                                      • free.MSVCR100(?,?,?), ref: 6CF30A76
                                                                                                                                                                                                      • free.MSVCR100(?,?,?,?), ref: 6CF30A7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free$_calloc_crt$Stringmemcpy$__crt$DecrementFreeHeapInfoInterlockedType___crt_malloc_crtmalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3303389740-0
                                                                                                                                                                                                      • Opcode ID: bffc54b112a2f9a91a84f2cbce1d13a3e99d6afec627fa323d051d2de9291706
                                                                                                                                                                                                      • Instruction ID: c07059e481044e0322d451a33aba3c4b7c9b0ab4a6faf5997776cd306849c05e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bffc54b112a2f9a91a84f2cbce1d13a3e99d6afec627fa323d051d2de9291706
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AB18CB1E01249EBEB10CFA5C890BEEBBF4BF09708F10406EE465A7B50D775A845DB60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsnlen.MSVCR100(?,00007FFF,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF1221D
                                                                                                                                                                                                      • wcsnlen.MSVCR100(?,00007FFF,?,00007FFF,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF12228
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000002,00000002), ref: 6CF12247
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000000,00000002,?), ref: 6CF1225E
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(?,00000002,?,00000000,00000002,?), ref: 6CF1227B
                                                                                                                                                                                                        • Part of subcall function 6CF11FBA: wcschr.MSVCR100(00000000,0000003D,7591DF80,00000000,01821898), ref: 6CF11FE5
                                                                                                                                                                                                        • Part of subcall function 6CF11FBA: free.MSVCR100(?,7591DF80,00000000,01821898), ref: 6CF12058
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF122B9
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF122D5
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000000,00000001), ref: 6CF122E2
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF122FB
                                                                                                                                                                                                      • _strlen.LIBCMT(00000000), ref: 6CF1230D
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF1232B
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF12350
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF30FCE
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF30FD9
                                                                                                                                                                                                      • wcschr.MSVCR100(?,0000003D,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF30FE9
                                                                                                                                                                                                      • wcsnlen.MSVCR100(-00000002,00007FFF,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF3100D
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF31019
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000002,?,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF31024
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000000,00000001,?), ref: 6CF3103A
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF31047
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF31052
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF3106D
                                                                                                                                                                                                      • free.MSVCR100(?), ref: 6CF3108F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$_calloc_crt_errnofreewcscpy_swcsnlen$_invalid_parameter_noinfowcschr$_strlen_wcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 928254730-0
                                                                                                                                                                                                      • Opcode ID: 39eb046bbade2cb3c25404ab24316985260465bb40b840272b8606600873ea5f
                                                                                                                                                                                                      • Instruction ID: 62eceef0c799e506ba91459e73020abc4bab8937a95cd8bc7ae8db4f7ca1c949
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39eb046bbade2cb3c25404ab24316985260465bb40b840272b8606600873ea5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B512972609264FACB255FA48C88DDF3B6CEF47B78F304116F01896A90DB76C545EAA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _FindAndUnlinkFrame.MSVCR100(?), ref: 6CF18560
                                                                                                                                                                                                        • Part of subcall function 6CF183D1: _getptd.MSVCR100 ref: 6CF183D7
                                                                                                                                                                                                        • Part of subcall function 6CF183D1: _getptd.MSVCR100 ref: 6CF183EB
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF18576
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF18585
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF18596
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF185AA
                                                                                                                                                                                                      • _IsExceptionObjectToBeDestroyed.MSVCR100(?), ref: 6CF185B8
                                                                                                                                                                                                        • Part of subcall function 6CF183AA: _getptd.MSVCR100 ref: 6CF183AF
                                                                                                                                                                                                      • _getptd.MSVCR100(00000001), ref: 6CF185C4
                                                                                                                                                                                                      • __DestructExceptionObject.MSVCR100(?,00000001), ref: 6CF185CF
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF185D6
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF185E5
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF185F6
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF18614
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF18622
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF2CA42
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF2CA5A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 473968603-1018135373
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF523DF
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF523EA
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5240F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5241A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                      • String ID: PATH
                                                                                                                                                                                                      • API String ID: 1328987296-1036084923
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • operator+.LIBCMT ref: 6CF76216
                                                                                                                                                                                                        • Part of subcall function 6CF759D7: DName::DName.LIBCMT ref: 6CF759EA
                                                                                                                                                                                                        • Part of subcall function 6CF759D7: DName::operator+.LIBCMT ref: 6CF759F1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::Name::operator+operator+
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2937105810-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _mbschr.MSVCR100(00000000,0000003D,00000000,00000000,7591DFF0), ref: 6CF1216B
                                                                                                                                                                                                        • Part of subcall function 6CF1212D: _mbschr_l.MSVCR100(00000000,00000000,00000000,?,6CF12170,00000000,0000003D,00000000,00000000,7591DFF0), ref: 6CF1213A
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,00000000,7591DFF0), ref: 6CF121D2
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,7591DFF0), ref: 6CF121E4
                                                                                                                                                                                                      • _errno.MSVCR100(7591DFF0), ref: 6CF31B7B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(7591DFF0), ref: 6CF31B86
                                                                                                                                                                                                      • ___wtomb_environ.LIBCMT ref: 6CF31BAF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$___wtomb_environ_invalid_parameter_noinfo_mbschr_mbschr_lfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 679965329-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT(?,000000FF,00000024), ref: 6CF1694D
                                                                                                                                                                                                      • _get_daylight.MSVCR100(?), ref: 6CF16989
                                                                                                                                                                                                      • _get_dstbias.MSVCR100(?), ref: 6CF1699B
                                                                                                                                                                                                      • _get_timezone.MSVCR100(?), ref: 6CF169AD
                                                                                                                                                                                                      • _gmtime64_s.MSVCR100(?,?), ref: 6CF169E1
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF16A07
                                                                                                                                                                                                      • _gmtime64_s.MSVCR100(?,?), ref: 6CF16A13
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF29DE1
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF29DEB
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF29DF7
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF29E01
                                                                                                                                                                                                      • _gmtime64_s.MSVCR100(?,?), ref: 6CF29E3A
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 6CF29EA5
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF29EC1
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 6CF29ED8
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF29EF6
                                                                                                                                                                                                      • __allrem.LIBCMT ref: 6CF29F0D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __allrem_errno_gmtime64_s$Unothrow_t@std@@@__ehfuncinfo$??2@_invalid_parameter_noinfo$_get_daylight_get_dstbias_get_timezone_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3568092448-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::DName.LIBCMT ref: 6CF2D3AA
                                                                                                                                                                                                      • DName::DName.LIBCMT ref: 6CF2D3DF
                                                                                                                                                                                                      • atol.MSVCR100(6CF0EAA8,6CF0EAA8,00000010,FFFF0000,00000000,00000000), ref: 6CF2D469
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::$atol
                                                                                                                                                                                                      • String ID: .$.$NULL$`non-type-template-parameter$`template-parameter
                                                                                                                                                                                                      • API String ID: 2083219425-3945972591
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF4035A: TlsGetValue.KERNEL32(6CF36175), ref: 6CF4036C
                                                                                                                                                                                                      • TlsGetValue.KERNEL32 ref: 6CF4A759
                                                                                                                                                                                                      • DebugBreak.KERNEL32 ref: 6CF4A763
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF4A79B
                                                                                                                                                                                                      • swprintf.LIBCMT(?,00000400,[%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d),00000000), ref: 6CF4A7CB
                                                                                                                                                                                                      • _fwprintf.LIBCMT(?), ref: 6CF4A80D
                                                                                                                                                                                                      • fflush.MSVCR100(?), ref: 6CF4A818
                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(?), ref: 6CF4A827
                                                                                                                                                                                                      • DebugBreak.KERNEL32 ref: 6CF4A82D
                                                                                                                                                                                                      • exit.MSVCR100(000000F8), ref: 6CF4A835
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6CF4A840, 6CF4A7BA
                                                                                                                                                                                                      • [%d] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6CF4A7E1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Debug$BreakValue$CurrentOutputStringThread_fwprintfexitfflushswprintf
                                                                                                                                                                                                      • String ID: [%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d)$[%d] %S: !!!!!!!Assert Failed(%S: %d)
                                                                                                                                                                                                      • API String ID: 1172176910-813932914
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                      • String ID: `anonymous namespace'
                                                                                                                                                                                                      • API String ID: 168861036-3062148218
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C1F1
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000024,00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C1FD
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,00000024,00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C214
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,00000000,00000024,00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C232
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,6CF3BAB4), ref: 6CF3C25A
                                                                                                                                                                                                      • GetProcessAffinityMask.KERNEL32(00000000), ref: 6CF3C261
                                                                                                                                                                                                      • _memset.LIBCMT(00000002,00000000,?,?,?,?,?,?,00000000,?,?,6CF3BAB4), ref: 6CF3C27D
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000002,00000000,?,?,?,?,?,?,00000000,?,?,6CF3BAB4), ref: 6CF3C29D
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C2E8
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C2F9
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,?,?,6CF3BAB4), ref: 6CF3C310
                                                                                                                                                                                                      • free.MSVCR100(?,?,?,?,?,00000000,?,?,6CF3BAB4), ref: 6CF3C421
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$Process$AffinityCurrentMaskfree
                                                                                                                                                                                                      • String ID: $$$
                                                                                                                                                                                                      • API String ID: 3179535153-233714265
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: GetLastError.KERNEL32(6CEF31F8,?,6CF0081A,6CF98032), ref: 6CF00700
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: __set_flsgetvalue.MSVCR100 ref: 6CF0070E
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: SetLastError.KERNEL32(00000000), ref: 6CF00720
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000086,00000001), ref: 6CF7EDDC
                                                                                                                                                                                                      • strcpy_s.MSVCR100(?,00000086,00000000,?), ref: 6CF7EE02
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF7EE17
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF7DAC9,00000000,?,00000000), ref: 6CF7EE6E
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,6CF7DAC9,00000000,?,00000000), ref: 6CF7EE78
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 6CF7EDFA
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_nerr.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C291
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_nerr.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C29A
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_errlist.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C2A1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast__sys_nerr$__get_sys_err_msg__invoke_watson__set_flsgetvalue__sys_errlist_calloc_crt_errno_invalid_parameter_noinfostrcpy_s
                                                                                                                                                                                                      • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                      • API String ID: 1851745123-798102604
                                                                                                                                                                                                      • Opcode ID: 03e1a16abb644f3dc0814d7a52c32f16d7417c7cc061fe9786f7fd244ad4a5bd
                                                                                                                                                                                                      • Instruction ID: bde8310623f4ca8784d375855309c092384d6548113e54ce2b04d74b3b531608
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03e1a16abb644f3dc0814d7a52c32f16d7417c7cc061fe9786f7fd244ad4a5bd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A41743260A260BFDB219B69AD449EF7FBCEF02628B25092BF41497A51D720D910C3F4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___crtGetStringTypeA.LIBCMT ref: 6CF069B7
                                                                                                                                                                                                      • memcmp.MSVCR100(?,000000FE), ref: 6CF06A74
                                                                                                                                                                                                      • _getptd.MSVCR100(00000001,00000000), ref: 6CF06AC9
                                                                                                                                                                                                      • __expandlocale.LIBCMT ref: 6CF06AF1
                                                                                                                                                                                                        • Part of subcall function 6CF050C1: _getptd.MSVCR100(00000000,00000000,00000005), ref: 6CF050F7
                                                                                                                                                                                                        • Part of subcall function 6CF050C1: strcpy_s.MSVCR100(00000000,00000000,6CF051A0,00000000,00000000,00000005), ref: 6CF05165
                                                                                                                                                                                                      • strcmp.MSVCR100(?,?,?,?,?,?,00000001,00000000), ref: 6CF06B10
                                                                                                                                                                                                      • _strlen.LIBCMT(?,?,?,?,?,00000001,00000000), ref: 6CF06B26
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(-00000005,?,?,?,?,?,00000001,00000000), ref: 6CF06B35
                                                                                                                                                                                                        • Part of subcall function 6CF00B31: malloc.MSVCR100(00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF00B3D
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,00000006,?,?,?,?,00000001,00000000), ref: 6CF06B83
                                                                                                                                                                                                      • strcpy_s.MSVCR100(?,?,?,?,?,00000006,?,?,?,?,00000001,00000000), ref: 6CF06BAC
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,00000006,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 6CF06BE6
                                                                                                                                                                                                      • _CRT_RTC_INITW.MSVCR100(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 6CF06C12
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 6CF06C3B
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6CF30C5C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptdmemcpystrcpy_s$DecrementInterlockedStringType___crt__expandlocale__invoke_watson_malloc_crt_strlenmallocmemcmpstrcmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 986606718-0
                                                                                                                                                                                                      • Opcode ID: a1d1abd16756992d791b70255428eaad10e08807ace1dbb250469a3f5251c130
                                                                                                                                                                                                      • Instruction ID: 945f9f46d4a334ebe80ac77fafebc0216e9e4a930818153191a3f94f0340ee20
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1d1abd16756992d791b70255428eaad10e08807ace1dbb250469a3f5251c130
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FA1FA71A002199FDB25CF28C891BDAB7F5FF49708F1080AAE91DD7650EB31AA85DF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno$__fassignisleadbyte
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3459433188-0
                                                                                                                                                                                                      • Opcode ID: a7b8d1fecef01ba2ec0dd82ad56e1195c949d8f3915824c68523cc77f607b027
                                                                                                                                                                                                      • Instruction ID: 864e59aa9eefd4e5d2f853ca7e1790de9340d852d2a7e2f5e8125fa7a77d9957
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7b8d1fecef01ba2ec0dd82ad56e1195c949d8f3915824c68523cc77f607b027
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2051597320A5509EC3295B7898146BA3BE89F13F38730471EE4B89BED1DB35C549E364
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF3FC4E
                                                                                                                                                                                                      • ??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z.MSVCR100(?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000,6CFA55DC,?,00000004,6CF40408,6CFA55E0,0000000C,6CF40342), ref: 6CF3FC67
                                                                                                                                                                                                        • Part of subcall function 6CF420A0: ??2@YAPAXI@Z.MSVCR100(00000024,00000000,?,6CF3FC6C,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000,6CFA55DC,?,00000004), ref: 6CF420AA
                                                                                                                                                                                                        • Part of subcall function 6CF420A0: memcpy.MSVCR100(00000000,?,00000024,00000024,00000000,?,6CF3FC6C,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000), ref: 6CF420B9
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: ??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,6CF3FC84,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000,6CFA55DC,?,00000004), ref: 6CF41D45
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: _memset.LIBCMT(00000000,00000000,?,00000000,?,00000000,6CF3FC84,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000), ref: 6CF41D55
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: ??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,?,00000000,6CF3FC84,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?), ref: 6CF41D5C
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: ??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6CF41D8A
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: InitializeSListHead.KERNEL32(?), ref: 6CF41D9F
                                                                                                                                                                                                        • Part of subcall function 6CF41D01: InitializeSListHead.KERNEL32(?), ref: 6CF41DA5
                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000014,6CF49B77,00000000,?,00000008,6CF4006B,?,00000000,6CFA55DC,?,00000004,6CF40408,6CFA55E0,0000000C), ref: 6CF3FC97
                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?), ref: 6CF3FD39
                                                                                                                                                                                                      • InitializeSListHead.KERNEL32(?), ref: 6CF3FD5E
                                                                                                                                                                                                      • InitializeSListHead.KERNEL32(?), ref: 6CF3FD67
                                                                                                                                                                                                      • InitializeSListHead.KERNEL32(?), ref: 6CF3FD70
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000000), ref: 6CF3FD76
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: std::exception::exception.LIBCMT(6CF41F83,?,6CF41F83,00000001), ref: 6CF42110
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: _CxxThrowException.MSVCR100(?,6CFA0DAC,6CF41F83), ref: 6CF42125
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000004,00000000), ref: 6CF3FD83
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000007,00000004,00000000), ref: 6CF3FD91
                                                                                                                                                                                                        • Part of subcall function 6CF3B72F: __EH_prolog3.LIBCMT ref: 6CF3B736
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000007,00000004,00000000), ref: 6CF3FDA5
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000002,00000007,00000004,00000000), ref: 6CF3FDC2
                                                                                                                                                                                                      • TlsAlloc.KERNEL32(00000002,00000002,00000007,00000004,00000000), ref: 6CF3FDCD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF45442), ref: 6CF3FDDB
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF3FDF3
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF3FE01
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Policy$Initialize$Concurrency@@Policy@Scheduler$ElementHeadKey@2@@ListValue@$??2@CountCriticalExceptionH_prolog3SectionSpinThrow$AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastV01@@_memsetmemcpystd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4135718791-0
                                                                                                                                                                                                      • Opcode ID: 9374bee8063d8b81e87f480c96bf39a70187d619e5bb344f07fc6e4756d8af92
                                                                                                                                                                                                      • Instruction ID: 19643152cd8fb847f4b9cf940538a52777de0da3ac4fbdd1cf78bc00e93b4e86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9374bee8063d8b81e87f480c96bf39a70187d619e5bb344f07fc6e4756d8af92
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB5109B1A00A56EBCB48CFB9C894BD8FBB4BF08314F50862ED52D87681D771A564CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wsopen_s.MSVCR100(?,?,00000000,?,00000180,00000000,?,?), ref: 6CF0BD91
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wsopen_s
                                                                                                                                                                                                      • String ID: UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                                                                      • API String ID: 2316899696-3573488595
                                                                                                                                                                                                      • Opcode ID: 421f0dab3f6cf7acde23fac6ddbdbda423e2c89df2e1b6d1c9ee6d52e5717f41
                                                                                                                                                                                                      • Instruction ID: ae59c2750f323353a587d0f567f56f318f41e627731e2b9ba73dc93566d24405
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 421f0dab3f6cf7acde23fac6ddbdbda423e2c89df2e1b6d1c9ee6d52e5717f41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62719D72F0A205DEEB104F9DC4547AAB7F0EF12B0CF648566DC50A7D90E3B58A84E762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • free.MSVCR100(?,6CF043AA,-0000006C,?,?,6CF0A3E1,-0000006C,-0000006C,?,?,6CF05294,-0000006C), ref: 6CF0A3C4
                                                                                                                                                                                                      • free.MSVCR100(?,6CF043AA,-0000006C,?,?,6CF0A3E1,-0000006C,-0000006C,?,?,6CF05294,-0000006C), ref: 6CF16EFC
                                                                                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 6CF16F07
                                                                                                                                                                                                      • free.MSVCR100(?,6CF043AA,-0000006C,?,?,6CF0A3E1,-0000006C,-0000006C,?,?,6CF05294,-0000006C), ref: 6CF16F1D
                                                                                                                                                                                                      • ___free_lconv_num.LIBCMT ref: 6CF16F28
                                                                                                                                                                                                      • free.MSVCR100(?,6CF043AA,-0000006C,?,?,6CF0A3E1,-0000006C,-0000006C,?,?,6CF05294,-0000006C), ref: 6CF16F35
                                                                                                                                                                                                      • free.MSVCR100(?,?,6CF043AA,-0000006C,?,?,6CF0A3E1,-0000006C,-0000006C,?,?,6CF05294,-0000006C), ref: 6CF16F40
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free$___free_lconv_mon___free_lconv_num
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2838340673-0
                                                                                                                                                                                                      • Opcode ID: bf73ce837a1fa1565102e3ee63d831209eecc26b4b9d0565b57443af865eba14
                                                                                                                                                                                                      • Instruction ID: 4d85553fa25b1c7de2857be0229ae2ceaa15546fa02ca259c41241bf3d249ad8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf73ce837a1fa1565102e3ee63d831209eecc26b4b9d0565b57443af865eba14
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0318372309341DFDB205F65DD90B8AB7E6FB0071CF35092EE15AD7E20DB72A884A651
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno$__cftof
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 813615167-0
                                                                                                                                                                                                      • Opcode ID: 73767c4c2edc3adbbc5569972e769fd6b5cd2d0c68505cd5034dd9cc81f4d982
                                                                                                                                                                                                      • Instruction ID: ef729e831437a256c9ee063ebe720e517d88994a6ec38e0323171f8b65e7803d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73767c4c2edc3adbbc5569972e769fd6b5cd2d0c68505cd5034dd9cc81f4d982
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 054116376195599AC3444F28E8549EE3BA5EF02B78370071AE478DBEE0DF30D64AE690
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __aligned_offset_malloc.LIBCMT(?,?,?), ref: 6CF76801
                                                                                                                                                                                                        • Part of subcall function 6CF766D4: _errno.MSVCR100 ref: 6CF766E4
                                                                                                                                                                                                        • Part of subcall function 6CF766D4: _invalid_parameter_noinfo.MSVCR100 ref: 6CF766EF
                                                                                                                                                                                                      • __aligned_free.LIBCMT(?), ref: 6CF76813
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aligned_free__aligned_offset_malloc_errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2665303786-0
                                                                                                                                                                                                      • Opcode ID: 3bb375c10f99f6a16da1e0110cf3284566e006df4115432e636dbbf042099238
                                                                                                                                                                                                      • Instruction ID: c524418cd9e66da531d8776428f654f04cd26a682a2ccf1e00e39812e5694528
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bb375c10f99f6a16da1e0110cf3284566e006df4115432e636dbbf042099238
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F514171A0420ADFCF15CF68E8905DEBBB5AF44358F14856AE815E7640EB71DA44CB60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __set_flsgetvalue.MSVCR100(6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF01D6A
                                                                                                                                                                                                        • Part of subcall function 6CF00341: TlsGetValue.KERNEL32(?,6CF00713), ref: 6CF0034A
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF01D7B
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000214), ref: 6CF01D8E
                                                                                                                                                                                                      • DecodePointer.KERNEL32(00000000), ref: 6CF01DAC
                                                                                                                                                                                                      • _initptd.MSVCR100(00000000,00000000), ref: 6CF01DBE
                                                                                                                                                                                                        • Part of subcall function 6CF01E9B: GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CF01F38,00000008,6CF275E9,00000000,00000000), ref: 6CF01EAC
                                                                                                                                                                                                        • Part of subcall function 6CF01E9B: _lock.MSVCR100(0000000D), ref: 6CF01EE0
                                                                                                                                                                                                        • Part of subcall function 6CF01E9B: InterlockedIncrement.KERNEL32(?), ref: 6CF01EED
                                                                                                                                                                                                        • Part of subcall function 6CF01E9B: _lock.MSVCR100(0000000C), ref: 6CF01F01
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF01DC5
                                                                                                                                                                                                      • __freeptd.LIBCMT ref: 6CF02971
                                                                                                                                                                                                      • __heap_init.LIBCMT ref: 6CF0B8B1
                                                                                                                                                                                                      • GetCommandLineA.KERNEL32(6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF0B8E2
                                                                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 6CF0B8ED
                                                                                                                                                                                                      • __ioterm.LIBCMT ref: 6CF17B7E
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF27485
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CommandLineValue_lock$CurrentDecodeHandleIncrementInterlockedModulePointerThread__freeptd__heap_init__ioterm__set_flsgetvalue_calloc_crt_initptdfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2121586863-0
                                                                                                                                                                                                      • Opcode ID: 643aa12c390a34fe551d1cde12d2e46ceb5c79c3df85301a97a0b279be68fdc9
                                                                                                                                                                                                      • Instruction ID: 71a3ba7aed53611795b41919d1a43571125d32938a9bd8dd34a410a6466209b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 643aa12c390a34fe551d1cde12d2e46ceb5c79c3df85301a97a0b279be68fdc9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A314531B1AA41DADF016BF6E82478E3AF0EF06B1DB305517D428C1E84DF21C144BA22
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::Name::operator=
                                                                                                                                                                                                      • String ID: class $coclass $cointerface $enum $struct $union $unknown ecsu'
                                                                                                                                                                                                      • API String ID: 1765408024-3025788322
                                                                                                                                                                                                      • Opcode ID: 63f9c4cf293cf948bc1ea9b78140f4db0b2ea689f9ad93ecaaf93f25ff74782a
                                                                                                                                                                                                      • Instruction ID: bfdaef573c9eccd812adcc277594c20913b0a62768db839362d4ad9973d7dd6d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63f9c4cf293cf948bc1ea9b78140f4db0b2ea689f9ad93ecaaf93f25ff74782a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8031A172E14508DBCB04CBE8C960AFEBBB4FF49755F40485AE451E7A40EB309A04DB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000008,71328D80,?,?), ref: 6CF4015F
                                                                                                                                                                                                        • Part of subcall function 6CF0232B: malloc.MSVCR100(?), ref: 6CF02336
                                                                                                                                                                                                      • ?GetProcessorNodeCount@Concurrency@@YAIXZ.MSVCR100(71328D80,?,?), ref: 6CF4019A
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,71328D80,?,?), ref: 6CF401B3
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,71328D80,?,?), ref: 6CF401CE
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,?,71328D80,?,?), ref: 6CF401E2
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,?,71328D80,?,?), ref: 6CF401F5
                                                                                                                                                                                                      • CreateSemaphoreW.KERNEL32(00000000,00000000,7FFFFFFF,00000000,?,?,?,71328D80,?,?), ref: 6CF40245
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,71328D80,?,?), ref: 6CF40255
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,71328D80,?,?), ref: 6CF4026E
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000,?,?,?,71328D80,?,?), ref: 6CF4027D
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(0000000C,?,?,?,71328D80,?,?), ref: 6CF40284
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,?,?,?,71328D80,?,?), ref: 6CF402B1
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000000,?,?,?,71328D80,?,?), ref: 6CF402C2
                                                                                                                                                                                                        • Part of subcall function 6CF416D1: _memset.LIBCMT(?,00000000,0000003E,00000000,00000000), ref: 6CF416F0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset$??2@$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency@@Count@CreateErrorExceptionLastNodeProcessorSemaphoreThrowmalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1488694034-0
                                                                                                                                                                                                      • Opcode ID: 68e855587af20496bdff17c632e667a0f7942e73d26eab0d7564907638b7932c
                                                                                                                                                                                                      • Instruction ID: 4724642087931f589b81ee3b979b3f06d889f842b402f37499a966ac34ed5c49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68e855587af20496bdff17c632e667a0f7942e73d26eab0d7564907638b7932c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E251C1B1604741DFD724CF38D885B6ABBE4FF48314F208A2EE16AC7A91DB71A8458B44
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsnlen.MSVCR100(?,?,?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF0CC20
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF2C847
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF2C851
                                                                                                                                                                                                      • ___crtLCMapStringW.LIBCMT(?,00000200,?,000000FF,00000000,00000000,?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF2C86E
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF0CC8D,?,?,?), ref: 6CF2C87F
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF0CC8D,?,?,?), ref: 6CF2C88A
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF0CC8D,?,?,?), ref: 6CF2C8A0
                                                                                                                                                                                                      • malloc.MSVCR100(00000008,?,?,6CF0CC8D,?,?,?), ref: 6CF2C8D8
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF0CC8D,?,?,?), ref: 6CF2C8F4
                                                                                                                                                                                                      • ___crtLCMapStringW.LIBCMT(?,00000200,?,000000FF,00000000,00000000,?,?,6CF0CC8D,?,?,?), ref: 6CF2C90F
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(?,?,00000000,?,?,?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF2C920
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000,?,?,?,?,?,?,?,?,6CF0CC8D,?,?,?), ref: 6CF2C939
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$String___crt$_freea_s_invalid_parameter_noinfomallocwcscpy_swcsnlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4082481270-0
                                                                                                                                                                                                      • Opcode ID: 6d7ce011f07d2e01e0ba395cea2445f6feab80c21aeb6104136e2b950aa6149e
                                                                                                                                                                                                      • Instruction ID: b8689b7d4b77b097e3e6b0bc4c4dba6e81147b011d109a1d69ed965dd19ac033
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d7ce011f07d2e01e0ba395cea2445f6feab80c21aeb6104136e2b950aa6149e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5041F472704144EFEB146FA8CC909EA37E8EF46B18B10816AE415DBB90EB74C944D7A6
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000355,00000000,6CF05249,00000001,00000000,00000000), ref: 6CF04DA4
                                                                                                                                                                                                        • Part of subcall function 6CF00B31: malloc.MSVCR100(00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF00B3D
                                                                                                                                                                                                        • Part of subcall function 6CF04D56: strcat_s.MSVCR100(6CF06E28,6CF06E07,6CF06E18,?,00000083,00000083,?,6CF06E1C,6CF06E07,6CF06E28,00000002,6CF06E28,6CF06E07,?,00000000,00000000), ref: 6CF04D75
                                                                                                                                                                                                      • strcat_s.MSVCR100(00000004,00000351,6CF04D54,?,?,?,?,?,00000000,6CF05249,00000001,00000000), ref: 6CF04DF1
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,00000010,?,?,?,?,?,?,?,?,00000000,6CF05249,00000001,00000000), ref: 6CF04E0E
                                                                                                                                                                                                      • free.MSVCR100(6CF05249,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CF04E55
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF05249,00000001), ref: 6CF30BD1
                                                                                                                                                                                                      • free.MSVCR100(?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF05249), ref: 6CF30BD9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: freestrcat_s$__invoke_watson_malloc_crtmallocstrcmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1358975119-0
                                                                                                                                                                                                      • Opcode ID: be66a097f1f3b599fa6115a42237ef54851220f41b50d3728870d76f37290305
                                                                                                                                                                                                      • Instruction ID: 9be02bb0160550fa67cc0304434730341563e054666d20240af52efd5c0c4d46
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be66a097f1f3b599fa6115a42237ef54851220f41b50d3728870d76f37290305
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9418071A04745AFDB109F69CC90B9BBBF8BF11B0CF10492DE41597E60E7B1E948AB00
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(0000000D,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF02857
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF02869
                                                                                                                                                                                                      • _lock.MSVCR100(0000000C,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF02885
                                                                                                                                                                                                      • free.MSVCR100(00000000,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF028B9
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF27615
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27621
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF2762D
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27639
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27645
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27651
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF2765D
                                                                                                                                                                                                      • free.MSVCR100(?,6CF028C8,00000008,6CF02952,00000000,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27669
                                                                                                                                                                                                      • free.MSVCR100(?,?,6CF02976,00000000,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF27675
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free$_lock$CriticalDecrementEnterInterlockedSection
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3254847666-0
                                                                                                                                                                                                      • Opcode ID: 9b862fa05550f8578ab139ae605823e7b45104eba4e2cb5d4f35a88d3ab40932
                                                                                                                                                                                                      • Instruction ID: 4b15febba4444c01dbec5ef1e04e3de76d31eb15d40cf381ad5ef146d94f49a6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b862fa05550f8578ab139ae605823e7b45104eba4e2cb5d4f35a88d3ab40932
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E31B0367466019AD7109EB99968B4B77F87F41F1DF21051FD015ABE80EB7AE084B620
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFullPathNameA.KERNEL32(?,?,00000000,?), ref: 6CF126E2
                                                                                                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000000,00000000,00000000), ref: 6CF27A58
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF27A5E
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF27A65
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF27A7F
                                                                                                                                                                                                      • calloc.MSVCR100(?,00000001), ref: 6CF27A94
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF27AA5
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF27AB2
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF27ABD
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF27ACB
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF27AD1
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF27AE8
                                                                                                                                                                                                      • _getcwd.MSVCR100(?,?), ref: 6CF27AF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$FullNamePathfree$ErrorLast__dosmaperr_getcwd_invalid_parameter_noinfocalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4002649621-0
                                                                                                                                                                                                      • Opcode ID: 00273be8afe7c6aa8e8f609a8444ccb7bf0a180be5b84107102d3bc5e900535f
                                                                                                                                                                                                      • Instruction ID: 16f591c877cbbadfa5c10feed3a31bf28df432af342173d637dddb03dd0c20e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00273be8afe7c6aa8e8f609a8444ccb7bf0a180be5b84107102d3bc5e900535f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4521B572608249EEDB045EE4CC9068F37A9FB42378B254427E511CB9A0DB798A449EA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • `non-type-template-parameter, xrefs: 6CF2D11F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::
                                                                                                                                                                                                      • String ID: `non-type-template-parameter
                                                                                                                                                                                                      • API String ID: 1333004437-4247534891
                                                                                                                                                                                                      • Opcode ID: a494d8e6dc92b3231549772bb301d1c836d33fc8f9ee0c3ce0b5ddfa4ce8cce9
                                                                                                                                                                                                      • Instruction ID: dff139bc4930fd6f9403a80e669f2f2feacbe7fb59e1f5643e9b7526c91007aa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a494d8e6dc92b3231549772bb301d1c836d33fc8f9ee0c3ce0b5ddfa4ce8cce9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6041E271B45208EFEB04CFA8D850BEE7BB5AF46748F044069E9958BB51E730D906D7D0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd$MatchType
                                                                                                                                                                                                      • String ID: MOC$RCC$csm$csm
                                                                                                                                                                                                      • API String ID: 965401092-1441736206
                                                                                                                                                                                                      • Opcode ID: a8c60d8e1276021d7158493a35427765fadefa4f5b660dad636263f93ba6c187
                                                                                                                                                                                                      • Instruction ID: 3d373d2bf1a6397dc6d4bd01085b2e9066c4604fdd3f5d85f430f12561376f5e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8c60d8e1276021d7158493a35427765fadefa4f5b660dad636263f93ba6c187
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB31C4316046058FEB20EFA6C580B9A73B8BF0134DF29466BD859C7E11D778D949CF92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __forcdecpt_l_isleadbyte_l_mbtowc_l_strlen
                                                                                                                                                                                                      • String ID: $g
                                                                                                                                                                                                      • API String ID: 3157115575-3845294767
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 6CF40889
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 6CF4088F
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000), ref: 6CF40892
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4089C
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF408B4
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF338A8,6CFA0C0C,?), ref: 6CF408C2
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(0000000C,6CF338A8,6CFA0C0C,?), ref: 6CF408C9
                                                                                                                                                                                                      • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100(6CF338A8,6CFA0C0C,?), ref: 6CF408DC
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF4092E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess$??2@AcquireConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency@@DuplicateErrorExceptionHandleLastLock@details@ReaderThrowWrite@_Writerstd::exception::exception
                                                                                                                                                                                                      • String ID: eventObject
                                                                                                                                                                                                      • API String ID: 1946344800-1680012138
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::operator+
                                                                                                                                                                                                      • String ID: cli::array<$cli::pin_ptr<$void$void
                                                                                                                                                                                                      • API String ID: 1360548761-456688812
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5EDB9
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5EDC3
                                                                                                                                                                                                      • _strnset_s.MSVCR100(?,?,?,?,?), ref: 6CF5EDEC
                                                                                                                                                                                                      • _ismbblead_l.MSVCR100(?,?,?), ref: 6CF5EE2A
                                                                                                                                                                                                      • _ismbblead_l.MSVCR100(?,?,?), ref: 6CF5EE56
                                                                                                                                                                                                      • _errno.MSVCR100(?), ref: 6CF5EE67
                                                                                                                                                                                                      • _ismbblead_l.MSVCR100(?,?,?), ref: 6CF5EEA1
                                                                                                                                                                                                      • _ismbblead_l.MSVCR100(?,?,?), ref: 6CF5EEC8
                                                                                                                                                                                                      • _ismbblead_l.MSVCR100(?,?,?), ref: 6CF5EF0B
                                                                                                                                                                                                      • _errno.MSVCR100(?), ref: 6CF5EF62
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?), ref: 6CF5EF6C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _ismbblead_l$_errno$_invalid_parameter_noinfo$_strnset_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1238685693-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF4240E
                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,00000000,6CF3D7F5,00000000,?,00000000,00000000), ref: 6CF42439
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000001,?,00000000,00000000), ref: 6CF42494
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: std::exception::exception.LIBCMT(6CF41F83,?,6CF41F83,00000001), ref: 6CF42110
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: _CxxThrowException.MSVCR100(?,6CFA0DAC,6CF41F83), ref: 6CF42125
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000001,?,00000000,00000000), ref: 6CF424A3
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424B2
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424C1
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424D0
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424DF
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 6CF424FD
                                                                                                                                                                                                      • GetThreadPriority.KERNEL32(00000000), ref: 6CF42504
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000838), ref: 6CF42605
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerValue@$Thread$??2@CountCriticalCurrentExceptionH_prolog3InitializePrioritySectionSpinThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 138514572-0
                                                                                                                                                                                                      • Opcode ID: b83977f3c39a2d485601e7b6c7ebf9f57c85054595b05578774a3fd1d758a489
                                                                                                                                                                                                      • Instruction ID: 49f5c9689304174fdc5d54b2e7757f654cd1f6d7b106cb8e15796d9330f3ddb0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b83977f3c39a2d485601e7b6c7ebf9f57c85054595b05578774a3fd1d758a489
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0261F671B04A06AFD748CF39C494B99FBA2BF48300F54C62EE46DC7B41DB71A5648B80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF4C485
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF4C490
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __set_flsgetvalue.MSVCR100 ref: 6CF4C49B
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000214), ref: 6CF4C4A7
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF4C4B4
                                                                                                                                                                                                      • _initptd.MSVCR100(00000000,?), ref: 6CF4C4BD
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,6CF4C41C,00000000,00000004,00000000), ref: 6CF4C4DB
                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 6CF4C4EB
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4C4F6
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF4C4FF
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF4C50A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CreateErrorLastResume__dosmaperr__set_flsgetvalue_calloc_crt_errno_getptd_initptd_invalid_parameter_invalid_parameter_noinfofree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 697002476-0
                                                                                                                                                                                                      • Opcode ID: 479081ffee3ab2f0d3e122860343c59bacf068c4e332553be9a784bf8aae6674
                                                                                                                                                                                                      • Instruction ID: f83056c094d46029dca8108df90a3e9cd11ca1b86c03f33a6b084e590c5429c6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 479081ffee3ab2f0d3e122860343c59bacf068c4e332553be9a784bf8aae6674
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8112972601B44ABD7102FB59C44EDF3FA4DF81B78B20461AF52897AD2DFB1D8085260
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(00000007,6CF12588,0000000C), ref: 6CF124EA
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,6CF12588,0000000C), ref: 6CF12541
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(?,?,00000000,6CF12588,0000000C), ref: 6CF1255F
                                                                                                                                                                                                      • _errno.MSVCR100(6CF12588,0000000C), ref: 6CF30885
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF12588,0000000C), ref: 6CF3088F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalEnterSection_errno_invalid_parameter_noinfo_lock_wcslenwcscpy_s
                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                      • API String ID: 173085347-123907689
                                                                                                                                                                                                      • Opcode ID: 06f0ae8756b1b3750a82f87a475aa5bf5fcb1e579e3d2fbcf5a40d2eeebd7805
                                                                                                                                                                                                      • Instruction ID: b985ac23fd736cf022e289a83307ae0ebdd46e6288cb05d2e8bf2c9c8d4f8017
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06f0ae8756b1b3750a82f87a475aa5bf5fcb1e579e3d2fbcf5a40d2eeebd7805
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C521F572A0928ADBDF109FE888D45DE77A0BF06708F60443AE525D7E40CBB285449BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd$CreateFrameInfo
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 4181383844-1018135373
                                                                                                                                                                                                      • Opcode ID: ee9433f339cb7b9da5782f5a658190c2ebd1158e1dd95009b2f6654185de1b39
                                                                                                                                                                                                      • Instruction ID: 3f0800cb9a4a7207a64ab6ffca16a634b2a3e5af49a4d142f5d2feb05ef40ff1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee9433f339cb7b9da5782f5a658190c2ebd1158e1dd95009b2f6654185de1b39
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74112632548A018FC720AF66C444B9A7BB4FF0077AF26866BC4598BE51DB78E449DF81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • malloc.MSVCR100(?), ref: 6CF02336
                                                                                                                                                                                                        • Part of subcall function 6CF00233: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6CF00B42,00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7), ref: 6CF00263
                                                                                                                                                                                                      • _callnewh.MSVCR100(?), ref: 6CF2F2A8
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?,00000001), ref: 6CF2F2DF
                                                                                                                                                                                                      • atexit.MSVCR100(6CFA09C8,?,00000001), ref: 6CF2F2EF
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(6CFA8518), ref: 6CF2F2F9
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CF0C888,6CFA8518), ref: 6CF2F30A
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2F319
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2F326
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errnostd::exception::exception$AllocateExceptionHeapThrow_callnewhatexitmalloc
                                                                                                                                                                                                      • String ID: bad allocation
                                                                                                                                                                                                      • API String ID: 903262172-2104205924
                                                                                                                                                                                                      • Opcode ID: 9cdcf3b30048ae7a42c1601aca6c009a2adac8dcbec7560b75c364c4b9fd2a2c
                                                                                                                                                                                                      • Instruction ID: 1f3e7072560c49c5e69fb46511b7ee3afa2ef4f19d142ab0f40d9457429bcf72
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cdcf3b30048ae7a42c1601aca6c009a2adac8dcbec7560b75c364c4b9fd2a2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D301D635B00149EEDF08EB94D9216DDBAB8AF45B5CB200459D800A6F80DBB18B45E7A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,?,?,00000000,00000000), ref: 6CF16170
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000), ref: 6CF161D6
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,6CF162D7,00000000,00000000,00000000), ref: 6CF161EF
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,6CF162D7,00000000,00000000,00000000), ref: 6CF16240
                                                                                                                                                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,00000000,00000000), ref: 6CF16254
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000), ref: 6CF1625E
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000), ref: 6CF16267
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$_freea_s$CompareString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3891795400-0
                                                                                                                                                                                                      • Opcode ID: 36edaa1fb8390bad2a2049ff46a8e18947a3f79d8485b72a33a577daa929a53b
                                                                                                                                                                                                      • Instruction ID: 930eef32eb2d54f7ea82ab2f765121585e9479f176fcc61972ebee1b88b1e7d8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36edaa1fb8390bad2a2049ff46a8e18947a3f79d8485b72a33a577daa929a53b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F181C532A09295ABDF028E648C51BDF7BB6DF46728F24011AF824E6E90C7B5D854CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF40CEA
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,6CF38C3B,00000000,?,6CF40AE8,?,?,?,00000000), ref: 6CF40CFF
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(0000000C), ref: 6CF40D3F
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000120), ref: 6CF40D92
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000120), ref: 6CF40DA4
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6CF40DC9
                                                                                                                                                                                                      • _memset.LIBCMT(00000020,00000000,00000100), ref: 6CF40DDD
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF40E84
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF40E91
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 6CF40EB5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ??2@CriticalEventSection_memset$CloseCreateEnterH_prolog3HandleLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3129499143-0
                                                                                                                                                                                                      • Opcode ID: bb38d46ffd82e20f351fd11cfd4991ad1616170b2e2ebab8da4034d9f6f4e009
                                                                                                                                                                                                      • Instruction ID: ff234524075d15ba286329550831be0ba22651792545e68573d2be2fce573910
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb38d46ffd82e20f351fd11cfd4991ad1616170b2e2ebab8da4034d9f6f4e009
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 765158B0A007469FD724CF68C484B9ABBF4FF09704F10C569E89A9BB52DB70E955CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5C19E
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5C1A9
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,000000FF,?,?,?), ref: 6CF5C20B
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF5C215
                                                                                                                                                                                                      • _isleadbyte_l.MSVCR100(?,?), ref: 6CF5C23B
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 6CF5C266
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5C26C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide_errno$ErrorLast_invalid_parameter_noinfo_isleadbyte_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4049637251-0
                                                                                                                                                                                                      • Opcode ID: 6647daa455687b5739812eef803b1102d9a404428eed1b001ffc52435b6ea583
                                                                                                                                                                                                      • Instruction ID: df4704f0b138d8c9ccbcae8e3f63ae284226f3a4244f3e5e725c57724ca21421
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6647daa455687b5739812eef803b1102d9a404428eed1b001ffc52435b6ea583
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E415A31504245EFCB12AFE5CC44B9A3BB4FF5A328F654245EA229B5D1DB30C560CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000080,00000000,6CFA45D0,00000001,?,?,00000000,?,?,?,?,6CFA45D0,?), ref: 6CF1076B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 626452242-0
                                                                                                                                                                                                      • Opcode ID: 7e1721783a824ec621827e6bdabc671801388853c84f135e1b57f569a693b252
                                                                                                                                                                                                      • Instruction ID: 810427eaf0d3b9326ccecce1c4282c96fb05144c2b84aa2def45a4b47e78c336
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e1721783a824ec621827e6bdabc671801388853c84f135e1b57f569a693b252
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1411632605186EFDB119FA8C8D4DDE3FF4EF42328B114169E5604BE90DB748D41CBA2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5A246
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5A250
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _get_timezone.MSVCR100(?), ref: 6CF5A271
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?), ref: 6CF5A297
                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6CF5A2B1
                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 6CF5A2D9
                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6CF5A347
                                                                                                                                                                                                      • __aullrem.LIBCMT ref: 6CF5A355
                                                                                                                                                                                                      • __aulldiv.LIBCMT ref: 6CF5A373
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time__aulldiv$FileInformationSystemZone__aullrem_errno_get_timezone_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1439004929-0
                                                                                                                                                                                                      • Opcode ID: c45b0969cd051bd424a1f10f594873783c11242ca854b2642605fadc57b1730a
                                                                                                                                                                                                      • Instruction ID: c0bbd1232b840702e41363948798555620407ea107c62b0d3d7134640426c550
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c45b0969cd051bd424a1f10f594873783c11242ca854b2642605fadc57b1730a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2741F371A04348DFDB60DFA5DC45FAEB7F9FB49718F20018AE21897680D770A9A4CB61
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF48E4A
                                                                                                                                                                                                        • Part of subcall function 6CF42407: __EH_prolog3.LIBCMT ref: 6CF4240E
                                                                                                                                                                                                        • Part of subcall function 6CF42407: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,00000000,6CF3D7F5,00000000,?,00000000,00000000), ref: 6CF42439
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000001,?,00000000,00000000), ref: 6CF42494
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002,00000001,?,00000000,00000000), ref: 6CF424A3
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424B2
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424C1
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424D0
                                                                                                                                                                                                        • Part of subcall function 6CF42407: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000006,00000005,00000003,00000002,00000001,?,00000000,00000000), ref: 6CF424DF
                                                                                                                                                                                                        • Part of subcall function 6CF42407: GetCurrentThread.KERNEL32 ref: 6CF424FD
                                                                                                                                                                                                        • Part of subcall function 6CF42407: GetThreadPriority.KERNEL32(00000000), ref: 6CF42504
                                                                                                                                                                                                        • Part of subcall function 6CF3F0E7: __EH_prolog3.LIBCMT ref: 6CF3F0EE
                                                                                                                                                                                                        • Part of subcall function 6CF3F0E7: EnterCriticalSection.KERNEL32(6CF3D7C5,00000008,6CF48EA2), ref: 6CF3F100
                                                                                                                                                                                                        • Part of subcall function 6CF3F0E7: ??2@YAPAXI@Z.MSVCR100(00000024), ref: 6CF3F112
                                                                                                                                                                                                        • Part of subcall function 6CF3F0E7: ??2@YAPAXI@Z.MSVCR100(00000030), ref: 6CF3F137
                                                                                                                                                                                                        • Part of subcall function 6CF3F0E7: LeaveCriticalSection.KERNEL32(?), ref: 6CF3F159
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6CF48EA6
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF48EB6
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF48ECE
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF48EDC
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF48EF9
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF48F11
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF48F3B
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF48F53
                                                                                                                                                                                                      • InitializeSListHead.KERNEL32(000000E8), ref: 6CF48F6C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerValue@$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCriticalErrorH_prolog3LastSection$??2@InitializeThread$CountCreateCurrentEnterEventExceptionHeadLeaveListPrioritySpinThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 7361241-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(00000007,6CF10D48,0000000C), ref: 6CF10CE5
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,6CF10D48,0000000C), ref: 6CF10D65
                                                                                                                                                                                                      • calloc.MSVCR100(00000001,00000002,00000000,6CF10D48,0000000C), ref: 6CF10D70
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000000,00000001,00000000), ref: 6CF10D87
                                                                                                                                                                                                      • _errno.MSVCR100(6CF10D48,0000000C), ref: 6CF308C0
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF10D48,0000000C), ref: 6CF308CA
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF308DB
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF308E6
                                                                                                                                                                                                        • Part of subcall function 6CF10C66: _wcslen.LIBCMT(00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10C88
                                                                                                                                                                                                        • Part of subcall function 6CF10C66: _wcslen.LIBCMT(00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10C9B
                                                                                                                                                                                                        • Part of subcall function 6CF10C66: _wcsnicoll.MSVCR100(00000000,00000000,00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10CB8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_wcslen$CriticalEnterSection_invalid_parameter_noinfo_lock_wcsnicollcallocwcscpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2000213683-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 6CF4AA6B
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(6CEF0000,?,00000104), ref: 6CF4AA87
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 6CF4AA98
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4AAAF
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF4AACA
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF4AADB
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,-00000018,6CF40EC3,00010000,6CF40EB1,?), ref: 6CF4AB1D
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4AB27
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF4AB3F
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF4AB4D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastModuleThrow$CreateFileHandleLibraryLoadNameThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 475412-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7C3A2
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7C3AC
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _wcslen.LIBCMT(?), ref: 6CF7C3CF
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(?,?,?), ref: 6CF7C3DF
                                                                                                                                                                                                      • wcscat_s.MSVCR100(?,?,6CF331F0), ref: 6CF7C3F2
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF7C405
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7C40A
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,00000000), ref: 6CF7C412
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,?,00000000), ref: 6CF7C41C
                                                                                                                                                                                                      • _wcserror_s.MSVCR100(00000000,?,00000000), ref: 6CF7C426
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wcslen$_errno$__invoke_watson_invalid_parameter_invalid_parameter_noinfo_wcserror_swcscat_swcscpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 998693625-0
                                                                                                                                                                                                      • Opcode ID: cdc471ec043dc4c12a1fe37f85d385286bc9a18a23f75505a4c884daf3caea29
                                                                                                                                                                                                      • Instruction ID: 9cee5bacfbdeb501eb1193d977f9e41951d7db5027fd1428341faea1fba24767
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdc471ec043dc4c12a1fe37f85d385286bc9a18a23f75505a4c884daf3caea29
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7411A5726001146697316F65BC88AFF37ACAF85B6C7110427F80597E41EB61C559D1F1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapReAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF04701
                                                                                                                                                                                                      • malloc.MSVCR100(00000001,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF0477D
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF2F35F
                                                                                                                                                                                                      • _callnewh.MSVCR100(00000001,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF2F37B
                                                                                                                                                                                                      • _callnewh.MSVCR100(00000001,00000000,00000000,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF2F38C
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010), ref: 6CF2F392
                                                                                                                                                                                                      • _errno.MSVCR100(?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010,?,?,?,?,?,6CF0AA03), ref: 6CF2F3A4
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010,?,?,?,?,?,6CF0AA03), ref: 6CF2F3AB
                                                                                                                                                                                                      • _errno.MSVCR100(?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010,?,?,?,?,?,6CF0AA03), ref: 6CF2F3BC
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,6CF04799,?,00000001,00000000,00000000,?,6CF30617,00000000,00000010,?,?,?,?,?,6CF0AA03), ref: 6CF2F3C3
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$ErrorLast_callnewh$AllocHeapfreemalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2627451454-0
                                                                                                                                                                                                      • Opcode ID: 42959b4d7b0ff0e6053b328874fd5578a669da754b1d4c0d3a8cdd432f8215f0
                                                                                                                                                                                                      • Instruction ID: 83cc54d0e0b47e52e89cfaecaede04ba780bd2df437f03af771195f077649318
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42959b4d7b0ff0e6053b328874fd5578a669da754b1d4c0d3a8cdd432f8215f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD110833711515EBDB102EF8A8147CF3BB9BF86BA9B308429E81497E50DF34CC40AA90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF4C611
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF4C61C
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __set_flsgetvalue.MSVCR100 ref: 6CF4C626
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000214), ref: 6CF4C632
                                                                                                                                                                                                      • _getptd.MSVCR100 ref: 6CF4C63F
                                                                                                                                                                                                      • _initptd.MSVCR100(00000000,?), ref: 6CF4C648
                                                                                                                                                                                                      • CreateThread.KERNEL32(?,?,6CF4C59C,00000000,?,?), ref: 6CF4C676
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4C680
                                                                                                                                                                                                      • free.MSVCR100(00000000), ref: 6CF4C689
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF4C694
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateErrorLastThread__dosmaperr__set_flsgetvalue_calloc_crt_errno_getptd_initptd_invalid_parameter_invalid_parameter_noinfofree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2355482382-0
                                                                                                                                                                                                      • Opcode ID: f49b0aa476127ee353a74ff9ed9aa5704de28f6bce68f47fc5428f8d51c78b82
                                                                                                                                                                                                      • Instruction ID: 96655761a45883a719ae2b08ecdedb006c2cc9a9bbcfd69799f4285159098cfe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f49b0aa476127ee353a74ff9ed9aa5704de28f6bce68f47fc5428f8d51c78b82
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD114832304746AFD700AFA59C40DCF3FF8EF447687109029F81C87A41DB71D8089A64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aulldvrm
                                                                                                                                                                                                      • String ID: '$@$g
                                                                                                                                                                                                      • API String ID: 1302938615-3359089917
                                                                                                                                                                                                      • Opcode ID: 8620b6827688ff3912ab330655976ff974bbc06b67782c50c261d995d7cefe12
                                                                                                                                                                                                      • Instruction ID: e632310d59d142aa451cc0daf0d8bca7dcce6403b9ba5b2b11b3f69de34630e7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8620b6827688ff3912ab330655976ff974bbc06b67782c50c261d995d7cefe12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15C1D371E4522D8BDBA08B14CCA87D9B7B4BB44B18F2402DAD418A7951C7748FC5EF88
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aulldvrm__forcdecpt_l_errno_get_printf_count_output_strlen
                                                                                                                                                                                                      • String ID: @$@$g
                                                                                                                                                                                                      • API String ID: 3086443751-3810856864
                                                                                                                                                                                                      • Opcode ID: 8c019bd1b080462ab428da3c290eaba28cff3d15429e85ea02d26cbb1f5e72b8
                                                                                                                                                                                                      • Instruction ID: 2744f863c97aa362eeeae3d52b319a27d53a7b60a4f3a849e0e793bee5d8d455
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c019bd1b080462ab428da3c290eaba28cff3d15429e85ea02d26cbb1f5e72b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56A18BF1F0522C8EDB608B14CCA4BD9B7B4AB05B18F1481E9D648A7641E7319EC9DF68
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator=.LIBCMT ref: 6CF11644
                                                                                                                                                                                                      • atol.MSVCR100(?,?,00000010,00000000,00000000,00000000), ref: 6CF2D66B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator=atol
                                                                                                                                                                                                      • String ID: `template-parameter$void
                                                                                                                                                                                                      • API String ID: 1388095176-4057429177
                                                                                                                                                                                                      • Opcode ID: 57746c11731fc8de3035266c7c20620ea782fc412d4de0a3961ff6e6833dd615
                                                                                                                                                                                                      • Instruction ID: 3daa69d3933def051b4a5d4fb103288c88fff8668dbf7d96860565fc2d98c191
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57746c11731fc8de3035266c7c20620ea782fc412d4de0a3961ff6e6833dd615
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27513671E15208DFCF04DFE8D8A0AEEBBF8AF09704F50402AE555E7A50EB35A949DB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _W_store_num.LIBCMT ref: 6CF731E5
                                                                                                                                                                                                      • _W_store_winword.LIBCMT ref: 6CF7320B
                                                                                                                                                                                                      • _W_store_winword.LIBCMT ref: 6CF73236
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF734C9,?,?,00000000,?,?,?,00000000,?,?,?), ref: 6CF73278
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,6CF734C9,?,?,00000000,?,?,?,00000000,?,?,?), ref: 6CF73283
                                                                                                                                                                                                      • __tzname.MSVCR100(000000FF,?,?,?,?,6CF734C9,?,?,00000000,?,?,?,00000000), ref: 6CF732E0
                                                                                                                                                                                                      • _mbstowcs_s_l.MSVCR100(00000000,?,?,00000000,000000FF,?,?,?,?,6CF734C9,?,?,00000000,?,?,?), ref: 6CF73301
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6CF7332C
                                                                                                                                                                                                      • _W_store_str.LIBCMT ref: 6CF733C9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: W_store_winword$W_store_numW_store_str__invoke_watson__tzname_errno_invalid_parameter_noinfo_mbstowcs_s_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1181387638-0
                                                                                                                                                                                                      • Opcode ID: 488f6ddb631ee458a1a26901e5cb70623f26af06bd0553aed63feaf984941dea
                                                                                                                                                                                                      • Instruction ID: 4ebd3bea4892853438cd6c258282340bbb2ba7edc8022bb9350bad0bc205dbc5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 488f6ddb631ee458a1a26901e5cb70623f26af06bd0553aed63feaf984941dea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9C1A071745206FBDF348F58E841B9A3762BB4A308F25421BF9108BA94DB31E859CBB1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT(?,000000FF,00000024,?,?,6CF16A18,?), ref: 6CF16A3D
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF16A78
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF16B35
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF16B8E
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF16BAB
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF16BCE
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF16A18,?), ref: 6CF29D32
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF16A18,?), ref: 6CF29D3C
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,6CF16A18,?), ref: 6CF29D56
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$_errno$_invalid_parameter_noinfo_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1299486453-0
                                                                                                                                                                                                      • Opcode ID: dd004eb7a6a32ef069cd65c2c60737c8eebf10a499515b87b4b4e68529152060
                                                                                                                                                                                                      • Instruction ID: 3ad8126db3cca12719114d941d45ebc9d53c873bae321e81915bf7c39745dd02
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd004eb7a6a32ef069cd65c2c60737c8eebf10a499515b87b4b4e68529152060
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31615972A04305AFD7148FA8CC40B9E77B6EF84329F24822DF510DBAD1DB799A048B40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 467780811-0
                                                                                                                                                                                                      • Opcode ID: 40847bd09b04613e1bc92b540e921d65a82c916cf6b7c198e2279b2cd0873b19
                                                                                                                                                                                                      • Instruction ID: 9192e8ecefafa95710b5175aa2a6f4f517b6bfcb036e3ca36d3e49102f6b82fa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40847bd09b04613e1bc92b540e921d65a82c916cf6b7c198e2279b2cd0873b19
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7511672705705CFC710CF69D8647EABBE0AF52728B248A2DD4A9C7AD0DB34E645EB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0A96F
                                                                                                                                                                                                      • _lock.MSVCR100(0000000A,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0A981
                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00000000,00000FA0,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0A998
                                                                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 6CF2749F
                                                                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 6CF274A6
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF274B9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CountCriticalInitializeSectionSpin_errno_lock_malloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 957642387-0
                                                                                                                                                                                                      • Opcode ID: 925d08ee78aa0ae36178cf903acff41dfcbc38514e7538ea32f25f95e74593af
                                                                                                                                                                                                      • Instruction ID: 872af063f3e8b3ef60cbddcdbd14a198d550b190acb1799d27ebfadf8252224a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 925d08ee78aa0ae36178cf903acff41dfcbc38514e7538ea32f25f95e74593af
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA11A732B44A46DEEB005FB9D860BADB7F06F82F18F11951ED1516BA80CFB84485E751
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__doserrno$AttributesErrorFileLast__dosmaperr_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2636503730-0
                                                                                                                                                                                                      • Opcode ID: dcde6580c56c7d6b70ff989a761597f0786c33157c5fca43955b89bf41deba63
                                                                                                                                                                                                      • Instruction ID: ed4f5237051d333660b16319bb4f974bafe6a0d5b27ffc2d3515e69ac2ff787f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcde6580c56c7d6b70ff989a761597f0786c33157c5fca43955b89bf41deba63
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC012670604258DAC7121FB4C8187CA37A4AF42B2CF014111E9248BEE4DB758406ABA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF4607C
                                                                                                                                                                                                      • __ExceptionPtrCopy.LIBCMT(?,00000008,00000014,6CF4579F,?,?,?), ref: 6CF46093
                                                                                                                                                                                                        • Part of subcall function 6CF4BA7B: __EH_prolog3.LIBCMT ref: 6CF4BA82
                                                                                                                                                                                                        • Part of subcall function 6CF4BA7B: _Reset.LIBCMT ref: 6CF4BAA1
                                                                                                                                                                                                      • ?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(00000008,?,00000008,00000014,6CF4579F,?,?,?), ref: 6CF4609D
                                                                                                                                                                                                        • Part of subcall function 6CF4BA0A: shared_ptr.LIBCMT ref: 6CF4BA14
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(00000008,00000008,?,00000008,00000014,6CF4579F,?,?,?), ref: 6CF460A3
                                                                                                                                                                                                      • __uncaught_exception.MSVCR100 ref: 6CF460AF
                                                                                                                                                                                                      • __ExceptionPtrCopy.LIBCMT(?,?), ref: 6CF460C0
                                                                                                                                                                                                      • ?__ExceptionPtrRethrow@@YAXPBX@Z.MSVCR100(?,?,?), ref: 6CF460CD
                                                                                                                                                                                                      • ?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(?,?,?,?), ref: 6CF460DA
                                                                                                                                                                                                      • ?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR100(?), ref: 6CF460EA
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$Destroy@@$CopyH_prolog3$??3@ResetRethrow@@__uncaught_exceptionshared_ptr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1394407404-0
                                                                                                                                                                                                      • Opcode ID: be95be75837d7f1a06ec323046476004c1c59a664082762ee140b24ded2cc1ce
                                                                                                                                                                                                      • Instruction ID: 0154b385613d66d3323abdd5c6ca44d3ac2a5bbbd97ce28ec481f0144f71975a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be95be75837d7f1a06ec323046476004c1c59a664082762ee140b24ded2cc1ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF01A2B2C0151DAADF04DBE8C845BDDBBBC6F04219F948A55E914A3A83D734D60E87B2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: GetLastError.KERNEL32(6CEF31F8,?,6CF0081A,6CF98032), ref: 6CF00700
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: __set_flsgetvalue.MSVCR100 ref: 6CF0070E
                                                                                                                                                                                                        • Part of subcall function 6CF006FC: SetLastError.KERNEL32(00000000), ref: 6CF00720
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000086,00000002), ref: 6CF7E3B5
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 6CF7E3D8
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_nerr.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C291
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_nerr.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C29A
                                                                                                                                                                                                        • Part of subcall function 6CF7C284: __sys_errlist.MSVCR100(?,?,6CF7C33C,00000000), ref: 6CF7C2A1
                                                                                                                                                                                                      • __cftoe.LIBCMT(00000000,?,00000086,00000000,00000085), ref: 6CF7E3E2
                                                                                                                                                                                                        • Part of subcall function 6CF5C408: _mbstowcs_s_l.MSVCR100(?,?,?,?,?,00000000), ref: 6CF5C41E
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF7E3F7
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF7C42B,00000000,?,00000000), ref: 6CF7E48D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF7C42B,00000000,?,00000000), ref: 6CF7E497
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast__sys_nerr$__cftoe__get_sys_err_msg__invoke_watson__set_flsgetvalue__sys_errlist_calloc_crt_errno_invalid_parameter_noinfo_mbstowcs_s_l
                                                                                                                                                                                                      • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                      • API String ID: 3324003163-798102604
                                                                                                                                                                                                      • Opcode ID: 36c9b8dc1ce67d578ba723287fd74eb46aa809bee93e9685777fad566f3f4566
                                                                                                                                                                                                      • Instruction ID: 1fdbf0d7cfa0339f06c56f51687f736ec8c579e52f811babe7f12799389bb533
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36c9b8dc1ce67d578ba723287fd74eb46aa809bee93e9685777fad566f3f4566
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C31BCA658D3E05FC3228B746C698C6BF246A1321871DC6DFE8854FDA3D714941583B2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000090,00000083,00000001,000000BC,?,6CF06D45,?,00000001,00000000,00000000,00000005), ref: 6CF0668E
                                                                                                                                                                                                      • strncpy_s.MSVCR100(00000080,00000010,00000001,0000000F,00000000,00000000,00000005), ref: 6CF12886
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memsetstrncpy_s
                                                                                                                                                                                                      • String ID: _.,
                                                                                                                                                                                                      • API String ID: 1794348173-2709443920
                                                                                                                                                                                                      • Opcode ID: 52dd1203094df9837ee7a676d634326937ea22017fa3d84e3248083954acc186
                                                                                                                                                                                                      • Instruction ID: 94df05f81d7f5e52fe644c3071d04a3c4a9e002a30df6750ff77f8de49c22406
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52dd1203094df9837ee7a676d634326937ea22017fa3d84e3248083954acc186
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D73144722492E6BDEB2089358C00FDB376CDF0276CF187613F96CDA981E3B5954486E1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: P
                                                                                                                                                                                                      • API String ID: 2819658684-3110715001
                                                                                                                                                                                                      • Opcode ID: 8d24361130e1c7c7f239276ebd7c079275cef1ef6a29c025b795dfb819a636ad
                                                                                                                                                                                                      • Instruction ID: 1361d10f8d8711bddd225f7002aacba6df19f0ea3c20a3b92a1da3b084aad694
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d24361130e1c7c7f239276ebd7c079275cef1ef6a29c025b795dfb819a636ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A631A432A4028DDBCB10EF6CC4805DE77F4BF19318BB1065AE6729BA90E7718961C791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF29333
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2933E
                                                                                                                                                                                                      • _errno.MSVCR100(?), ref: 6CF2934B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?), ref: 6CF29356
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: B
                                                                                                                                                                                                      • API String ID: 2959964966-1255198513
                                                                                                                                                                                                      • Opcode ID: 67abc2bb6ec1ae013afcf04f76d5452d529817a2f6e2c0ccf023b386213acfde
                                                                                                                                                                                                      • Instruction ID: d44cbb6db803452296477ce30e5871bc4981f135ac2d7f36cdba0da8eee8169b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67abc2bb6ec1ae013afcf04f76d5452d529817a2f6e2c0ccf023b386213acfde
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD31813290520ADFDF008FE8C8405EF77B8FF09728F24461AE920A76D0DB799945DBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: B
                                                                                                                                                                                                      • API String ID: 2959964966-1255198513
                                                                                                                                                                                                      • Opcode ID: 88b7f8ae182f9c9709ffbfec1dff02f350af6cd95f50ede9af0caa10dd5b41f3
                                                                                                                                                                                                      • Instruction ID: 9a1714b1e6ef48c7f4e29a72dcbad8b0a53ea79b6453d3f8ef52afff4278921b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88b7f8ae182f9c9709ffbfec1dff02f350af6cd95f50ede9af0caa10dd5b41f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2219573E05149DFDF109FD4C8505EEBBB8FB19724F140527E920A7680E77899059BB1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::
                                                                                                                                                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                      • API String ID: 1333004437-2211150622
                                                                                                                                                                                                      • Opcode ID: 4af4754a9f34129860c1606cb2e80288c246ec82fb703ca965845b6a5977a268
                                                                                                                                                                                                      • Instruction ID: e3acae66f120d4cfa9903251ae7fff52e82a3c0ba58c55bb791208452c97024c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4af4754a9f34129860c1606cb2e80288c246ec82fb703ca965845b6a5977a268
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7219834715608DFCF01CF9CD450AA87BF4FF8A38CB448095E845ABA92DB34D902CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cc41b892af56f304fbf430f2d9ab0c690a83c8bdd92f005812f689b5068cb0ad
                                                                                                                                                                                                      • Instruction ID: 7375dc0ee6ddfebc121dd0d013e74b119b565dca8aa72377eac63fb8edfb9da1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc41b892af56f304fbf430f2d9ab0c690a83c8bdd92f005812f689b5068cb0ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5671E172A0624ADFDF10CFE4C894AEFBBF5FF05318B24066AE121A7A50D7759940CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FC5D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FC68
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FC89
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FC94
                                                                                                                                                                                                      • __stricmp_l.LIBCMT(01822A99,00000000,?,00000000,?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FCBE
                                                                                                                                                                                                        • Part of subcall function 6CF70EE5: _errno.MSVCR100(?,00000000,?,00000000,00000000,00000005), ref: 6CF70F00
                                                                                                                                                                                                        • Part of subcall function 6CF70EE5: _invalid_parameter_noinfo.MSVCR100(?,00000000,?,00000000,00000000,00000005), ref: 6CF70F0B
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(?,00000000,00000200,01822A99,00000002,6CFA7C68,00000002,?,00000001,?,?,00000000,?,?,?,00000000), ref: 6CF5FD14
                                                                                                                                                                                                      • __crtLCMapStringA.MSVCR100(?,00000000,00000200,00000001,00000002,6CFA7C68,00000002,?,00000001,?,?,?,?,?,?,?), ref: 6CF5FD95
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,?,00000000,?,?,?,00000000,01822A99,6CFA7C68), ref: 6CF5FDF2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo$String__crt$__stricmp_l_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2295373847-0
                                                                                                                                                                                                      • Opcode ID: 5ff7b4879649a422d2f7f641b328c5635359501781869614b3ced766dfa4ab65
                                                                                                                                                                                                      • Instruction ID: 2c8e4fe8f1ea931368bf6da40d3387d63a1892b160c3d810b77ba57aaf739cf3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ff7b4879649a422d2f7f641b328c5635359501781869614b3ced766dfa4ab65
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6518C71D042899FDB558B68C484BFE7BF0AF1232CF6842D9E6B15B5D2C7708A52C750
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,71328D80), ref: 6CF482CB
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF482D9
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF482F2
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF48301
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,0000000C), ref: 6CF48367
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?,?), ref: 6CF4839B
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CF483A7
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 6CF483B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionHandleLastObjectPrioritySingleThreadThrowWait_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1332095174-0
                                                                                                                                                                                                      • Opcode ID: d724c0482311795f55006a6c8e6f3c8491fa027024dff3766274843a6309b7ca
                                                                                                                                                                                                      • Instruction ID: 414d0ba37c2a5f8a6d5e08ee56732d728bc6540477bc162583dd3338da442eb1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d724c0482311795f55006a6c8e6f3c8491fa027024dff3766274843a6309b7ca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04419F72604650AFC700CF64DC44AAABBF8FF49728F104A2AF469D3AA1D734E944CBD5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF04295,?), ref: 6CF2875A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF04295,?), ref: 6CF28765
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2959964966-0
                                                                                                                                                                                                      • Opcode ID: 23323603e78fd6f21d7ea5052ccfc7337cada01f34c5615e235131cea8438e41
                                                                                                                                                                                                      • Instruction ID: 45d5f9563cb71760720e55eff89884df99719254adaf43a4d0e521065a338028
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23323603e78fd6f21d7ea5052ccfc7337cada01f34c5615e235131cea8438e41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B31E8735017018FD7204BA5C8107E67BE4EF02B6CB248A2FD4E99AE90D72CD0459B90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DEE
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DF8
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DFF
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16E06
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?,?,?,?,6CF0A795,?,6CF0A7B0,00000010), ref: 6CF0A6C5
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?), ref: 6CF0A6E8
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: FindCloseChangeNotification.KERNELBASE(00000000), ref: 6CF0A6EF
                                                                                                                                                                                                      • _errno.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF30531
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF3053C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_osfhandle$CurrentProcess$ChangeCloseDuplicateFindHandleNotification__doserrno_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2004342405-0
                                                                                                                                                                                                      • Opcode ID: 422160786fe619b70f91efdf94c81873745b78ec8967acf69cc729f1412139f5
                                                                                                                                                                                                      • Instruction ID: fd3d179a033cbef6f631c00d638dfb95dc7aed53dd485269c5b892d2a78ee865
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 422160786fe619b70f91efdf94c81873745b78ec8967acf69cc729f1412139f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F31F432614285AFDB01CFB8C884BD63BF5EF4A318F154299E914CFAA2DB71E905CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __crtCompareStringW.MSVCR100(?,00001001,00000000,?,?,?,?), ref: 6CF15FBC
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2C74B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2C756
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2C765
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2C770
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2C77F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2C78A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$CompareString__crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 380063240-0
                                                                                                                                                                                                      • Opcode ID: 92f31d898ed74495dbdc95cdabc12c4a18cb5bf2ad594a599a3ba411d492cd8b
                                                                                                                                                                                                      • Instruction ID: 71ff8e97cdc982893df97e81c2ea38ea1892210a7a3d7c60abe68133f3659de4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92f31d898ed74495dbdc95cdabc12c4a18cb5bf2ad594a599a3ba411d492cd8b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43312872608185DBEB206EA8C8507EA36E87F01768F204252E4B0DFED0DBB4C85097A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _getptd.MSVCR100(?,?,?,?,?,?,?,6CF05088,00000014), ref: 6CF04F77
                                                                                                                                                                                                        • Part of subcall function 6CF05258: _getptd.MSVCR100(6CF052B8,0000000C,6CF29FD5,?,?,6CF043AA,?), ref: 6CF05264
                                                                                                                                                                                                        • Part of subcall function 6CF05258: _lock.MSVCR100(0000000C), ref: 6CF0527B
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(000000D8,00000001), ref: 6CF04F97
                                                                                                                                                                                                      • _lock.MSVCR100(0000000C), ref: 6CF04FAD
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • __copytlocinfo_nolock.LIBCMT ref: 6CF04FBB
                                                                                                                                                                                                        • Part of subcall function 6CF04D42: _unlock.MSVCR100(0000000C,6CF04FC9), ref: 6CF04D44
                                                                                                                                                                                                        • Part of subcall function 6CF051A2: __expandlocale.LIBCMT ref: 6CF051FC
                                                                                                                                                                                                        • Part of subcall function 6CF051A2: strcmp.MSVCR100(?,00000048,?,?,?,00000001,00000000,00000000), ref: 6CF05218
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,6CFA4BC0), ref: 6CF04FF0
                                                                                                                                                                                                      • _lock.MSVCR100(0000000C), ref: 6CF05001
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,?,6CF05088,00000014), ref: 6CF30C90
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,6CF05088,00000014), ref: 6CF30C9B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _lock$_getptdstrcmp$CriticalEnterSection__copytlocinfo_nolock__expandlocale_calloc_crt_errno_invalid_parameter_noinfo_unlock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2630553387-0
                                                                                                                                                                                                      • Opcode ID: b729dd8c660cd900bb23623193e7cc3a177bddf10423a862fb76f558b95a8aa1
                                                                                                                                                                                                      • Instruction ID: 6a4bd53ae35f4b42cd089ec42626e6a74fe9afb3901a97263c6c1ceae347827d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b729dd8c660cd900bb23623193e7cc3a177bddf10423a862fb76f558b95a8aa1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF31C431B08345DBEB009FA4E864BDDBBF0AF44B18F20841EE41657B91CFB54648EB69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF0ACEE: _lock.MSVCR100(0000000B,6CF0AD58,00000018,6CF0AFDD,00000000,?), ref: 6CF0AD15
                                                                                                                                                                                                      • _errno.MSVCR100(6CF7A210,00000018,6CF7A2BF,?,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A105
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF7A210,00000018,6CF7A2BF,?,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A110
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002,6CF7A210,00000018,6CF7A2BF,?,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A132
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?,00000000,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A138
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A13F
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A142
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A14C
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000,?,?,?,?,?,?,6CF7A300,00000010), ref: 6CF7A168
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast__doserrno__dosmaperr_errno_get_osfhandle_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1055742366-0
                                                                                                                                                                                                      • Opcode ID: 078dc748cb7091789fc4927addca6aee370aca70da10eaa128e0b789d9f46de5
                                                                                                                                                                                                      • Instruction ID: eed4e32b7d12d3b1900ce057e3900f267a22e956d873c9997a179535eefc18ec
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 078dc748cb7091789fc4927addca6aee370aca70da10eaa128e0b789d9f46de5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA31E1326042998FDF128FB4E890ADD7BF1AF8A318F261285D450AF792CB71D905DF60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _mbsrchr.MSVCR100(6CFA83F4,0000002E,6CFA83F4,00000012), ref: 6CF56957
                                                                                                                                                                                                        • Part of subcall function 6CF615E3: __mbsrchr_l.LIBCMT(00000400,6CF4F396,00000000,?,6CF4EF5D,6CF4F396,0000002E,?,?,?,6CF4F396,00000400,?), ref: 6CF615F0
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CFA83F4,00000012), ref: 6CF5696E
                                                                                                                                                                                                      • strtoul.MSVCR100(00000001,00000000,00000020,00000000,6CFA83F4,00000012), ref: 6CF5697F
                                                                                                                                                                                                      • __ultoa_s.LIBCMT(?,?,00000008,00000020,00000000,6CFA83F4,00000012), ref: 6CF569A8
                                                                                                                                                                                                      • strcpy_s.MSVCR100(00000001,00000000,?,?,?,?,?,00000000,6CFA83F4,00000012), ref: 6CF569BF
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,6CFA83F4,00000012), ref: 6CF569D0
                                                                                                                                                                                                      • _errno.MSVCR100(6CF56B18,00000010,6CF56B6A,00000000,?,00000002,7FFFFFFF,00000000), ref: 6CF569E7
                                                                                                                                                                                                      • _errno.MSVCR100(6CF56B18,00000010,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,6CFA83F4,00000012), ref: 6CF56A02
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__invoke_watson__mbsrchr_l__ultoa_s_invalid_parameter_noinfo_mbsrchrstrcpy_sstrtoul
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2319564628-0
                                                                                                                                                                                                      • Opcode ID: 26dbb2cd891caffa583db9cae64b108c0e9bc213cde1dfd1e3d6047bb4f425d1
                                                                                                                                                                                                      • Instruction ID: 43f7eff1be7bffde029dedd72d62f4aa585ce17a884f83c0af4800c87baabd2d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26dbb2cd891caffa583db9cae64b108c0e9bc213cde1dfd1e3d6047bb4f425d1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1421D771F00208AEEB009F798C45ADE77A8FF55B58F505125F524DBBC0EFB0E91986A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsrchr.MSVCR100(6CFA8448,0000002E,6CFA8448,00000012,00000000), ref: 6CF58626
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CFA8448,00000012,00000000), ref: 6CF58641
                                                                                                                                                                                                      • _wcstoul.LIBCMT(00000002,00000000,00000020,6CFA8448,00000012,00000000), ref: 6CF5865D
                                                                                                                                                                                                      • __ultoa_s.LIBCMT(?,?,00000008,00000020,6CFA8448,00000012,00000000), ref: 6CF58674
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000002,00000000,?,?,?,?,?,6CFA8448,00000012,00000000), ref: 6CF58688
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,?,?,?,?,6CFA8448,00000012,00000000), ref: 6CF5869B
                                                                                                                                                                                                      • _errno.MSVCR100(6CF587E8,00000010,6CF5883A,00000000,?,00000002,7FFFFFFF,00000000), ref: 6CF586B2
                                                                                                                                                                                                      • _errno.MSVCR100(6CF587E8,00000010,00000000,00000000,00000000,00000000,00000000,?,?,?,?,6CFA8448,00000012,00000000), ref: 6CF586CD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__invoke_watson__ultoa_s_invalid_parameter_noinfo_wcstoulwcscpy_swcsrchr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1668553054-0
                                                                                                                                                                                                      • Opcode ID: 835310b824290eef657908211c4256be63ada10cc5d8df46f0022953b9c7b9e2
                                                                                                                                                                                                      • Instruction ID: 7942aa155690836aeee68c9a004a7b8db6dcf23fe9d65bff007c1de552939aff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 835310b824290eef657908211c4256be63ada10cc5d8df46f0022953b9c7b9e2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8721D771B40704AAEB009F799C86BDF77A8EF58718F910519E6019BAC1EBB0ED149660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF12444
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000004,?,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF12455
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,?,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF12479
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000002,?,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF1248B
                                                                                                                                                                                                      • wcscpy_s.MSVCR100(00000000,00000001,00000000,?,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF1249F
                                                                                                                                                                                                      • free.MSVCR100(?,?,00000000,6CF30861,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF124BD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc_crt_wcslen$freewcscpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 968141106-0
                                                                                                                                                                                                      • Opcode ID: fd670dcf2b02bd4c7bb95060a02e50ed618b836777e876558bf416202f02dc5c
                                                                                                                                                                                                      • Instruction ID: 65927bc51691c2c772e80f303c0a83d927bd4f2d6a492b979a576e204305ef7e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd670dcf2b02bd4c7bb95060a02e50ed618b836777e876558bf416202f02dc5c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD213E73918750CADB114BA9AC4875B36B4DF4373CF31460BD47097DD1DF7594458990
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF16D68,00000010), ref: 6CF16CB9
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF16D68,00000010), ref: 6CF3056D
                                                                                                                                                                                                      • _errno.MSVCR100(6CF16D68,00000010), ref: 6CF30575
                                                                                                                                                                                                      • _errno.MSVCR100(6CF16D68,00000010), ref: 6CF3058A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF16D68,00000010), ref: 6CF30595
                                                                                                                                                                                                      • __doserrno.MSVCR100(6CF16D68,00000010), ref: 6CF3059C
                                                                                                                                                                                                      • _extend_ioinfo_arrays.LIBCMT ref: 6CF305A5
                                                                                                                                                                                                      • _errno.MSVCR100(6CF16D68,00000010), ref: 6CF305B2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __doserrno_errno$_extend_ioinfo_arrays_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3030660385-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0,?,6CF0B911), ref: 6CF0AA51
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0,?,6CF0B911), ref: 6CF0AA5E
                                                                                                                                                                                                      • _msize.MSVCR100(00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA7B
                                                                                                                                                                                                        • Part of subcall function 6CF025DA: HeapSize.KERNEL32(00000000,00000000,?,6CF0AA80,00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?), ref: 6CF025F4
                                                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA97
                                                                                                                                                                                                      • EncodePointer.KERNEL32(-00000004,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA9F
                                                                                                                                                                                                      • _realloc_crt.MSVCR100(00000000,00000800,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF1283A
                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF12850
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 765448609-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF768DE,?,?), ref: 6CF76A33
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF768DE,?,?), ref: 6CF76A3E
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF768DE,?,?), ref: 6CF76A50
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4106058386-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF0270D
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF02778
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF02788
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF06922
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF086C9
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF086D1
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 6CF086D9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecrementInterlocked
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3448037634-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF78748
                                                                                                                                                                                                      • _errno.MSVCR100(6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF78767
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF78772
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?,6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF787AE
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(00000000,6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF787B5
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF787BF
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,?,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF787D4
                                                                                                                                                                                                      • _errno.MSVCR100(6CF78810,00000010,6CF28C0C,00000000,?,00000000,?,6CF0EF1C,?,6CF0EF38,0000000C), ref: 6CF787DE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$BuffersErrorFileFlushLast__doserrno_get_osfhandle_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3018510309-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(6CEF31F8,?,6CF0081A,6CF98032), ref: 6CF00700
                                                                                                                                                                                                      • __set_flsgetvalue.MSVCR100 ref: 6CF0070E
                                                                                                                                                                                                        • Part of subcall function 6CF00341: TlsGetValue.KERNEL32(?,6CF00713), ref: 6CF0034A
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 6CF00720
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000001,00000214), ref: 6CF275B7
                                                                                                                                                                                                      • DecodePointer.KERNEL32(00000000), ref: 6CF275D5
                                                                                                                                                                                                      • _initptd.MSVCR100(00000000,00000000), ref: 6CF275E4
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF275EB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$CurrentDecodePointerThreadValue__set_flsgetvalue_calloc_crt_initptd
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 242762301-0
                                                                                                                                                                                                      • Opcode ID: f117db759e0f53bdaa4498ff9d00eb4889f3b0a396af87d249a0605d6bf58dff
                                                                                                                                                                                                      • Instruction ID: f41781eae6e37382fb8217d9f5677b38e18a2c63e1ec7318c829c6092dbf6a25
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f117db759e0f53bdaa4498ff9d00eb4889f3b0a396af87d249a0605d6bf58dff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AF0F4327016A1ABD7212BE8BC19BDE7FB19F82F657200129F524D65C0CF64C801AA94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator=operator+
                                                                                                                                                                                                      • String ID: std::nullptr_t$volatile
                                                                                                                                                                                                      • API String ID: 1352385710-3726895890
                                                                                                                                                                                                      • Opcode ID: 27f498895a9779302d0fba12de2f1471d27eff1212ef219dfe45e3421f9002f6
                                                                                                                                                                                                      • Instruction ID: 81edb0ccb85eaf19f965e0c68234bbde7e1a4435a045d8bff71cccc32b11727b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27f498895a9779302d0fba12de2f1471d27eff1212ef219dfe45e3421f9002f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7410232A24118EFCF00CFD8D860AEEBFB4FB06749F50406AE454A7E00E7349A44DB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 6CF387EF
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 6CF3886E
                                                                                                                                                                                                      • _memset.LIBCMT(?,00000000,0000000C), ref: 6CF388A9
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,6CF3D091,?,00000000), ref: 6CF388D7
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000,?,00000000), ref: 6CF38903
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,00000024,6CF428C6,?,00000000,?,6CF42AD0,?,?,00000000,?,?,00000000,?), ref: 6CF38925
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,00000000,?,6CF42AD0,?,?,00000000,?,?,00000000,?), ref: 6CF38930
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSectionValue$CurrentEnterH_prolog3_LeaveThread_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3390461318-0
                                                                                                                                                                                                      • Opcode ID: 4b4dfc63a8a37f1dd14e0a80dd64e29917c840dada6ddb323c6f323fd3aebae9
                                                                                                                                                                                                      • Instruction ID: cb6033b92bda65d740cef2cd36ccae933175942bea61a192ecbcc4d6459bc8ce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b4dfc63a8a37f1dd14e0a80dd64e29917c840dada6ddb323c6f323fd3aebae9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B416C71A00215DFCB08CF60D4C4A9ABBB1FF48308B15569AEC0AAF756DB34E946CF91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __fltout2.LIBCMT ref: 6CF807CB
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: ___dtold.LIBCMT ref: 6CF7FE7D
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: _$I10_OUTPUT.LIBCMT(?,?,00000016,?,?,?,6CF80196,00000000,?,?,000000FF,00000016,?,?,000000A3,?), ref: 6CF7FE98
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: strcpy_s.MSVCR100(6CF80196,?,?,?,?,00000016,?,?,?,6CF80196,00000000,?,?,000000FF,00000016,?), ref: 6CF7FEB8
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,?,?,?,000000FF,?,?,?,?,00000000,00000000), ref: 6CF807D7
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,?,?,?,000000FF,?,?,?,?,00000000,00000000), ref: 6CF807DE
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __fptostr.LIBCMT ref: 6CF80816
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: I10____dtold__fltout2__fptostr_errno_invalid_parameter_invalid_parameter_noinfostrcpy_s
                                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                                      • API String ID: 3041646763-2547889144
                                                                                                                                                                                                      • Opcode ID: 9d84b9f05646c0da7c852902e57fac2951f36d1c8e0c11fe24fa4e4cd675ee68
                                                                                                                                                                                                      • Instruction ID: 9743d8284549de39d31058338ba482ab06c35a572944525b7e67db33cbd37ddc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d84b9f05646c0da7c852902e57fac2951f36d1c8e0c11fe24fa4e4cd675ee68
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0131F432A02149EBCF158F69DC40EEF7BB5EF49314F844215F821A7690EB71D994CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF3EFBD
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 6CF3EFCD
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000064), ref: 6CF3EFED
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6CF3EFF9
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 6CF3F02B
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 6CF3F035
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF3F081
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CountTick$CriticalSection$EnterH_prolog3LeaveObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2258694387-0
                                                                                                                                                                                                      • Opcode ID: e05bdd99af2d7f9ee57dea3a95fea29fd0142f60f5f65da029e1531b9cf21509
                                                                                                                                                                                                      • Instruction ID: 5a2b6f6cad1aac0dbc7e22166546aca2bef7d29ac6f1a8be91f65949ccfadce9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e05bdd99af2d7f9ee57dea3a95fea29fd0142f60f5f65da029e1531b9cf21509
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3121B6B2E00229EBDF009FB8C8857DE3AB1EF80318F2016A5E5589A6D4C7798945CBD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::$Name::operator+
                                                                                                                                                                                                      • String ID: void$void
                                                                                                                                                                                                      • API String ID: 826178784-3746155364
                                                                                                                                                                                                      • Opcode ID: 4b4c4ad0f3cf5a4b9f874a9c7a64c2a09b1db44d4a11a1726d4a68abab337018
                                                                                                                                                                                                      • Instruction ID: 1c4287c2ba3e47baa2a605cbfe63e27c35fd458f2de4c987249c2aa9f4332cea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b4c4ad0f3cf5a4b9f874a9c7a64c2a09b1db44d4a11a1726d4a68abab337018
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D215B76A0410DFFCF04CF94C860DEE7FB8FB49308F50405AE805A6A50EB31968AEB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF46986
                                                                                                                                                                                                      • InitializeSListHead.KERNEL32(?,00000010,6CF46D69,00000000,?), ref: 6CF469A4
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF469D7
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF469EF
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF469FD
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF46A17
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000030), ref: 6CF46A25
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast$??2@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionH_prolog3HeadInitializeListThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3312236879-0
                                                                                                                                                                                                      • Opcode ID: 24cb18dba1157b7fd6dce5d3a2eb429621c10cd59ee7da5f68356fc4fc3e87c8
                                                                                                                                                                                                      • Instruction ID: 7e9cbd02981052f0e5865117a72d1af208c904895c9e5da2dfea9e32b46ed54b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24cb18dba1157b7fd6dce5d3a2eb429621c10cd59ee7da5f68356fc4fc3e87c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A021AC72650A06DFD741CFA4C88079EBBF8AF09708B10C81AF459D7A40EB74EA45CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF38AD3
                                                                                                                                                                                                        • Part of subcall function 6CF362E7: __EH_prolog3.LIBCMT ref: 6CF362EE
                                                                                                                                                                                                        • Part of subcall function 6CF362E7: ??_U@YAPAXI@Z.MSVCR100(00000000,00000000,6CF38AE8,?,000000FF), ref: 6CF36365
                                                                                                                                                                                                        • Part of subcall function 6CF362E7: _memset.LIBCMT(00000000,00000000,?,00000000,6CF38AE8,?,000000FF), ref: 6CF36377
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,00000001,00000010,6CF40C24,00000000,00000000,00000000,?,?,00000000,6CF9FF1C), ref: 6CF38B03
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,6CF9FF1C,000000FF,?,6CF40AE8,?,?,?,00000000), ref: 6CF38B13
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,00000000,6CF9FF1C,000000FF,?,6CF40AE8,?,?,?,00000000), ref: 6CF38B2B
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000,?,?,00000000,6CF9FF1C,000000FF,?,6CF40AE8,?,?,?,00000000), ref: 6CF38B39
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(0000001C,00000000,?,?,00000000,6CF9FF1C,000000FF,?,6CF40AE8,?,?,?,00000000), ref: 6CF38B4B
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF38B80
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: H_prolog3$??2@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateCurrentErrorEventExceptionLastThreadThrow_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1790702778-0
                                                                                                                                                                                                      • Opcode ID: 623a9efc81c0f7c810872af050100a18d8d40edfa445b8f4eecbfcc92105a2cb
                                                                                                                                                                                                      • Instruction ID: f702c9be6061803b349480e346bab50842967ac2f9b29162727c346396d5de66
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 623a9efc81c0f7c810872af050100a18d8d40edfa445b8f4eecbfcc92105a2cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB2193F190029ABFD7009FB1C884A9ABBB4FF05314B54956BE519C7B10C738D959DBD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF40444
                                                                                                                                                                                                        • Part of subcall function 6CF4235D: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002), ref: 6CF4236A
                                                                                                                                                                                                        • Part of subcall function 6CF4235D: std::exception::exception.LIBCMT(?,00000008,00000002), ref: 6CF42382
                                                                                                                                                                                                        • Part of subcall function 6CF4235D: _CxxThrowException.MSVCR100(?,6CFA0DC8,?,00000008,00000002), ref: 6CF42397
                                                                                                                                                                                                        • Part of subcall function 6CF4235D: ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000002), ref: 6CF423A1
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?,6CFA55E0,?,00000014), ref: 6CF40484
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?,?,6CFA55E0,?,00000014), ref: 6CF4048A
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000004,6CFA55E0,?,00000014), ref: 6CF40493
                                                                                                                                                                                                      • ??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z.MSVCR100(?,6CFA55E0,?,00000014), ref: 6CF404A9
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT(?,00000014), ref: 6CF404CE
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CF404E8,?,00000014), ref: 6CF404DC
                                                                                                                                                                                                        • Part of subcall function 6CF3B327: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6CF3B349
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency@@Policy$Policy@Scheduler$??3@ElementExceptionKey@2@@SpinThrowValue@$??2@Concurrency::unsupported_os::unsupported_osH_prolog3Once@?$_V01@@Wait@$00@details@std::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4136520310-0
                                                                                                                                                                                                      • Opcode ID: a7c18694f1fb2bde7b5ee30892b45402ab7ca870d037b584969eb4392be13e59
                                                                                                                                                                                                      • Instruction ID: 4ed67173f4d625bd64486b3403274efb370ed67fb69bc129a0ccf1882e1cebed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7c18694f1fb2bde7b5ee30892b45402ab7ca870d037b584969eb4392be13e59
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0110630A46248EFDF40DBB4D8147DD7BF0AF15318F10812AD409E7BA2DBB98948D659
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                      • String ID: throw(
                                                                                                                                                                                                      • API String ID: 168861036-3159766648
                                                                                                                                                                                                      • Opcode ID: 138d04e75899aa84125fe06071c3a5e67485385659b2d12ff91728857d744c7c
                                                                                                                                                                                                      • Instruction ID: 85c8890ef4deb46ba3bf576284a275584c462b2e9e948b5d0dda26c8a1eee582
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 138d04e75899aa84125fe06071c3a5e67485385659b2d12ff91728857d744c7c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95018C30A00209AFCF04DFE4D855EED7BB9EF45348F404055E902AB6D0DB34EA49CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5A993
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5A99E
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __wsopen_s.LIBCMT(00000000,00000000,00008002,00000040,00000000), ref: 6CF5A9B8
                                                                                                                                                                                                      • __futime64.LIBCMT(00000000,?), ref: 6CF5A9CC
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5A9DA
                                                                                                                                                                                                      • _close.MSVCR100(00000000), ref: 6CF5A9E9
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5A9F4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__futime64__wsopen_s_close_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 503974632-0
                                                                                                                                                                                                      • Opcode ID: 739f2f7bb0ee4c502357b9213252ae7a39a48b23ff173e3577863ab54058ad41
                                                                                                                                                                                                      • Instruction ID: 818e57a496096844788d8aecf01d74996a4c42108f226f1b6ce6a55eb8447dae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 739f2f7bb0ee4c502357b9213252ae7a39a48b23ff173e3577863ab54058ad41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7501DB72604118AEDB001F65DC01BDD3BA5AF80778F568211F7185BAD0DF71D564D7B0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000088,00000000,00000000,00000002,00000000,00000000,6CF9FF1C,000000FF,?,6CF40AE8,?,?,?,00000000), ref: 6CF38BF0
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 6CF38BF3
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,?,6CF40AE8,?,?,?,00000000), ref: 6CF38BFA
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,6CF40AE8,?,?,?,00000000), ref: 6CF38BFD
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,6CF40AE8,?,?,?,00000000), ref: 6CF38C07
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,6CF40AE8,?,?,?,00000000), ref: 6CF38C1F
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CFA0C48,6CFA0C48,00000000,?,6CF40AE8,?,?,?,00000000), ref: 6CF38C2D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Current$Process$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorExceptionHandleLastThreadThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2881127307-0
                                                                                                                                                                                                      • Opcode ID: 7c3251bdb3f6a7c7c7473d789071573fe023465fb31a4041af74a795e594e430
                                                                                                                                                                                                      • Instruction ID: bdb3274f5a4f333a435b4d7976b29c325fdbe564d111266489e59abe34830262
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c3251bdb3f6a7c7c7473d789071573fe023465fb31a4041af74a795e594e430
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06F03AB2A00259B6CB10ABF19C0DFDB7A7CBB85744F404526B229E3580DB78E5098BE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _FindAndUnlinkFrame.MSVCR100(?,6CF741BF,?), ref: 6CF741DC
                                                                                                                                                                                                        • Part of subcall function 6CF183D1: _getptd.MSVCR100 ref: 6CF183D7
                                                                                                                                                                                                        • Part of subcall function 6CF183D1: _getptd.MSVCR100 ref: 6CF183EB
                                                                                                                                                                                                      • _getptd.MSVCR100(6CF741BF,?), ref: 6CF741E2
                                                                                                                                                                                                      • _getptd.MSVCR100(6CF741BF,?), ref: 6CF741F0
                                                                                                                                                                                                      • _IsExceptionObjectToBeDestroyed.MSVCR100(?), ref: 6CF74233
                                                                                                                                                                                                      • __DestructExceptionObject.MSVCR100(00000000,00000000), ref: 6CF74241
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 473968603-1018135373
                                                                                                                                                                                                      • Opcode ID: 3f10fad894707037d4f1be91083b805b1c86e0196aeef020e4e17791f3ad9fd2
                                                                                                                                                                                                      • Instruction ID: d3816e709efd4d541b8bff07fad58bb04dfd4523f81019c3343a45cadca8b2ba
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f10fad894707037d4f1be91083b805b1c86e0196aeef020e4e17791f3ad9fd2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96018B388057058BCB308F65E440A9CBBB5AF0021AF66462FD04197E50CF30D9A5DF21
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100 ref: 6CF4E951
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF4E959
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF4E964
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(00000000), ref: 6CF4E971
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4E97C
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF4E983
                                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(00000000,00000000), ref: 6CF4E99D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile$ErrorLast__doserrno__dosmaperr_errno_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 567378056-0
                                                                                                                                                                                                      • Opcode ID: b0a9d2dba6a4aec48ae2251dcf5639df0ecf3a86c77c44249b62e3cddcefaebc
                                                                                                                                                                                                      • Instruction ID: 44a2bca71d1c65cd309fffb62625457ec9c3f106b8a3809bae05c4bb16004e0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0a9d2dba6a4aec48ae2251dcf5639df0ecf3a86c77c44249b62e3cddcefaebc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AF0B472514908EFDB409BB5DC0439D7EA4AF4233AF148305F43884AE1CB30C440E6A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100 ref: 6CF50312
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5031A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF50325
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00000000), ref: 6CF50332
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF5033D
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000), ref: 6CF50344
                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 6CF5035E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttributesFile$ErrorLast__doserrno__dosmaperr_errno_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 567378056-0
                                                                                                                                                                                                      • Opcode ID: d98ca6c7970a84056855b903aa83aea84fd5a685b4aca5b1c6b43eb63eecad2a
                                                                                                                                                                                                      • Instruction ID: f75de4ad90471fad61e1b261d952d70e93a6304bad2f2cb6cd273536d9450dd9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d98ca6c7970a84056855b903aa83aea84fd5a685b4aca5b1c6b43eb63eecad2a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CF0B47151498EDBDB001BF5ED883993BA8AF6233DFA48350F538C49E0DBB1C460E660
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _getptd
                                                                                                                                                                                                      • String ID: MOC$RCC$csm
                                                                                                                                                                                                      • API String ID: 3186804695-2671469338
                                                                                                                                                                                                      • Opcode ID: 9409c5a0f4b8fefc6144f08392dbb776af12daaef2442993d67dc15f2612c84e
                                                                                                                                                                                                      • Instruction ID: bf22ca98bf0c893905a2b358d8a7cb86efd3f82059064b3cfaf2d386fe2e10e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9409c5a0f4b8fefc6144f08392dbb776af12daaef2442993d67dc15f2612c84e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20E04F316542159FC734ABA8D085B993BE5FF4871DF1604A2D80CCBB22C77CE4589DA3
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _store_winword.LIBCMT ref: 6CF72340
                                                                                                                                                                                                      • _store_winword.LIBCMT ref: 6CF72365
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,00000000,?,?,6CF72A14,?,?,?,00000000,?,?,?), ref: 6CF7239E
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,00000000,?,?,6CF72A14,?,?,?,00000000,?,?,?), ref: 6CF723A9
                                                                                                                                                                                                      • __tzname.MSVCR100(?,?,00000000,?,?,6CF72A14,?,?,?,00000000,?,?,?), ref: 6CF723F0
                                                                                                                                                                                                      • _store_str.LIBCMT ref: 6CF7248C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _store_winword$__tzname_errno_invalid_parameter_noinfo_store_str
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3353331024-0
                                                                                                                                                                                                      • Opcode ID: ae78be76882857a31cc87ab40dd1950ddfd2fc11440ecb4c76ff0d531ef2cd9a
                                                                                                                                                                                                      • Instruction ID: 2d0b8ffeec3c53f29818765ca0e6b29992f1c5da059614cb4189e9f9052061e7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae78be76882857a31cc87ab40dd1950ddfd2fc11440ecb4c76ff0d531ef2cd9a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C391D63260A552CBEB788F19B84CB5E77A5BB42708F31462BE990E7E51C333D851C2B1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF39D78
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?), ref: 6CF39D8B
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 6CF39EF0
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF39F15
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CF39F2C), ref: 6CF39F23
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(00000000,?,?,?,6CF39F2C), ref: 6CF39F47
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1797647509-0
                                                                                                                                                                                                      • Opcode ID: e841ddd00d3661abb6c0703155739dbe9c28f363955b0b24815a299912ef6727
                                                                                                                                                                                                      • Instruction ID: 2d5d3b8b57f6abfb4b5943d85a5d3a74b41d66c980c9dbb73efdc425eae50cae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e841ddd00d3661abb6c0703155739dbe9c28f363955b0b24815a299912ef6727
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A951BC31B04265BBDB059B74C844BEDBB70BF41308F0461AAE45D9BB82CF759919CBE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(0000000B,6CF0AD58,00000018,6CF0AFDD,00000000,?), ref: 6CF0AD15
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,6CF0AD58,00000018,6CF0AFDD,00000000,?), ref: 6CF0AD94
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000020,00000040,6CF0AD58,00000018,6CF0AFDD,00000000,?), ref: 6CF304B5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalEnterSection$_calloc_crt_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3858677252-0
                                                                                                                                                                                                      • Opcode ID: ffd64ebf5fca30220fb7e1f65ec482e618210137486f4be6a82e4feaf9274704
                                                                                                                                                                                                      • Instruction ID: 18c73d25e7033e1bfa20cac4526c17f0229b3d3e6663eb9ad0f950c94d781020
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffd64ebf5fca30220fb7e1f65ec482e618210137486f4be6a82e4feaf9274704
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45412971F05786CBDB108FA8D4647DEBBF0AF02B29F248719C0656BAD0CBB49945EB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00000001,?,?,?,?,6CF06435,?,?,?), ref: 6CF06375
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,00000000,?,?,?,6CF06435,?,?,?,?,?,?,?,?,?), ref: 6CF063BB
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 6CF063D0
                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CF063DE
                                                                                                                                                                                                      • _freea_s.MSVCR100(00000000), ref: 6CF063E8
                                                                                                                                                                                                      • malloc.MSVCR100(00000008,?,?,?,6CF06435,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF30CE9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide$StringType_freea_s_memsetmalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2935806426-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF0033A,?,?,00000000), ref: 6CF27946
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,6CF0033A,?,?,00000000), ref: 6CF27950
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,6CF0033A,?,?,00000000), ref: 6CF2795C
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,6CF0033A,?,?,00000000), ref: 6CF27966
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,6CF0033A,?,?,00000000), ref: 6CF27972
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,6CF0033A,?,?,00000000), ref: 6CF27991
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2819658684-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _towlower_l.MSVCR100(?,?,?,?,?), ref: 6CF043D7
                                                                                                                                                                                                        • Part of subcall function 6CF0254C: iswctype.MSVCR100(?,00000001,?,?,?,?,?,?,?), ref: 6CF02590
                                                                                                                                                                                                      • _towlower_l.MSVCR100(00000000,?,?,?,?,?,?), ref: 6CF043EA
                                                                                                                                                                                                      • _errno.MSVCR100(?), ref: 6CF2C4F1
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?), ref: 6CF2C4FC
                                                                                                                                                                                                      • _errno.MSVCR100(?,?), ref: 6CF2C517
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?), ref: 6CF2C522
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo_towlower_l$iswctype
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3991495309-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF4640A
                                                                                                                                                                                                      • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 6CF46418
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 6CF4641F
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,?), ref: 6CF46443
                                                                                                                                                                                                      • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100 ref: 6CF46478
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6CF46524
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AcquireBase::CloseConcurrency::details::Concurrency@@CountH_prolog3HandleLock@details@ObjectReaderSchedulerSingleThrottlingTickTimeWaitWrite@_Writer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1057910834-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF47DD3
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000,00000010,6CF47D43), ref: 6CF47DE9
                                                                                                                                                                                                      • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100 ref: 6CF47E06
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6CF47E86
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 6CF47E8F
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?), ref: 6CF47E92
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$??3@AcquireConcurrency@@H_prolog3Lock@details@ObjectReaderSingleWaitWrite@_Writer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1148406726-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CD96
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CDD2
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CDA1
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CDB2
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CDBD
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CDDD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1328987296-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CE1F
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CE5B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CE2A
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7CE3B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CE46
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7CE66
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1328987296-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,?,6CF522CA,6CFA5F58,?,?,?,00000000), ref: 6CF5215F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,6CF522CA,6CFA5F58,?,?,?,00000000), ref: 6CF5216A
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __cenvarg.LIBCMT ref: 6CF5218B
                                                                                                                                                                                                      • __dospawn.LIBCMT ref: 6CF521A5
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CF521AF
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CF521B7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free$__cenvarg__dospawn_errno_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1531270514-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D81
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D88
                                                                                                                                                                                                      • _wfullpath.MSVCR100(?,?,?,?,?,?,6CF17D25,?,?,00000104,?), ref: 6CF17D99
                                                                                                                                                                                                        • Part of subcall function 6CF039BD: GetFullPathNameW.KERNEL32(?,?,00000000,?), ref: 6CF03A02
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF17DA3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$FullNamePath_wfullpath
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3755888649-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF15C28
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,00000000,6CF06D5D,?,000000BC,?,00000000,00000000,00000005), ref: 6CF2A1A9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                      • API String ID: 2959964966-3993045852
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • iswctype.MSVCR100(?,00000008,?,?,?,?,?,?,6CF00CD5,?,?,?,00000000), ref: 6CF00BE3
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,6CF00CD5,?,?,?,00000000), ref: 6CF0A424
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,6CF00CD5,?,?,?,00000000), ref: 6CF2A3D3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfoiswctype
                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                      • API String ID: 1743973646-3993045852
                                                                                                                                                                                                      • Opcode ID: 61afa82759853cd61d3f10f50b359bf041e57abe5136c3ff767c97159d3dcbeb
                                                                                                                                                                                                      • Instruction ID: 72e0cd33515417c9683309ac772571e1f4eddeb4536e709c02ef2023fb9183dc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61afa82759853cd61d3f10f50b359bf041e57abe5136c3ff767c97159d3dcbeb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E51D372A05699DADB248F58C9747DB77F0FF02B1CF248226E86096990E3B4CA90E751
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,?,?,?,?,?,?,?,?,6CF3D091,?,00000000,?,00000000), ref: 6CF429B1
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,?,00000000,?,?,?,?,?,?,?,?,6CF3D091,?,00000000,?,00000000), ref: 6CF42A33
                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCR100(?,?,?,00000000,?,?,?,?,?,?,?,?,6CF3D091,?,00000000,?), ref: 6CF42B61
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,$,
                                                                                                                                                                                                      • API String ID: 0-220654547
                                                                                                                                                                                                      • Opcode ID: 80d76ad7a11ea31467d63abe963eeb7d8ebfcca97ad68425637ad4bd0bebaacb
                                                                                                                                                                                                      • Instruction ID: 57de7b2b5dd28cb580cda119b4dfe80cacadf041d0794dca5a747c5b0cc5eb95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80d76ad7a11ea31467d63abe963eeb7d8ebfcca97ad68425637ad4bd0bebaacb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1515971A01709DFCB28CFA8C494B9EBBB1FF45304F14852ED59AE7642D732A941CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6CF3C6D9
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF3C79A
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF3C7A9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                      • String ID: $$,
                                                                                                                                                                                                      • API String ID: 3094578987-53852779
                                                                                                                                                                                                      • Opcode ID: 4f66f3c6306f304da6d8381bc1f01571e2eaaaaf87b4561fb6ed72ac863cc698
                                                                                                                                                                                                      • Instruction ID: 4322211e51c7ddaffcc678d8ee0594627d3e1713dfb7d2bf177c6ac5baab8eb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f66f3c6306f304da6d8381bc1f01571e2eaaaaf87b4561fb6ed72ac863cc698
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33313674A00729EFCB14DFA9C5C895EBBB1FF58304B10866DD95A97A11C330E985CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __fltout2.LIBCMT ref: 6CF80191
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: ___dtold.LIBCMT ref: 6CF7FE7D
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: _$I10_OUTPUT.LIBCMT(?,?,00000016,?,?,?,6CF80196,00000000,?,?,000000FF,00000016,?,?,000000A3,?), ref: 6CF7FE98
                                                                                                                                                                                                        • Part of subcall function 6CF7FE57: strcpy_s.MSVCR100(6CF80196,?,?,?,?,00000016,?,?,?,6CF80196,00000000,?,?,000000FF,00000016,?), ref: 6CF7FEB8
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,000000A3,?,?,?,?,000000FF,?,?,?,?,00000000,00000000), ref: 6CF8019D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,000000A3,?,?,?,?,000000FF,?,?,?,?,00000000,00000000), ref: 6CF801A4
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __fptostr.LIBCMT ref: 6CF801EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: I10____dtold__fltout2__fptostr_errno_invalid_parameter_invalid_parameter_noinfostrcpy_s
                                                                                                                                                                                                      • String ID: -
                                                                                                                                                                                                      • API String ID: 3041646763-2547889144
                                                                                                                                                                                                      • Opcode ID: a6e9fd70623b9e08cadea9fa839d8189c60ecfdb8f7bf3b498430669f93faf59
                                                                                                                                                                                                      • Instruction ID: f5ef2c50568a82f0f546c02993dedfa53e15596c3370eaabc51c2c55c439c71e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6e9fd70623b9e08cadea9fa839d8189c60ecfdb8f7bf3b498430669f93faf59
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21C877A01209ABDB098F78CC51ADF7B78EF49324F158529E822E7680EB70D914C760
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID: P
                                                                                                                                                                                                      • API String ID: 2959964966-3110715001
                                                                                                                                                                                                      • Opcode ID: d0587f1f2eaf50c1d8c41adf644a0ce4e2bc8ccb976420ca46863d34f4e50c7a
                                                                                                                                                                                                      • Instruction ID: 33e671d2ea90b8d03582300d2a6b360245efe5505205582bb235711b54dc743f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0587f1f2eaf50c1d8c41adf644a0ce4e2bc8ccb976420ca46863d34f4e50c7a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A21493234A145EFCB206E9C88A4ACE7BEAEF42B1C731051BE56097E40D7F48844D7A5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF4035A: TlsGetValue.KERNEL32(6CF36175), ref: 6CF4036C
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF4ABA2
                                                                                                                                                                                                      • swprintf.LIBCMT(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,6CF4A924,?,?,000000F8), ref: 6CF4ABCC
                                                                                                                                                                                                      • vswprintf_s.MSVCR100(00000401,00000401,?,?,?,00000002,?,6CF4A924,?,?,000000F8), ref: 6CF4ABEE
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,00000401,00000401,?,?,?,00000002,?,6CF4A924,?,?,000000F8), ref: 6CF4ABF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentThreadValue_wcslenswprintfvswprintf_s
                                                                                                                                                                                                      • String ID: [%d:%d:%d:%d(%d)]
                                                                                                                                                                                                      • API String ID: 3978057885-3832470304
                                                                                                                                                                                                      • Opcode ID: 7d2f3ae256d7fe98010c1251ad959e950f934e57ea2f154c22d133113acd6320
                                                                                                                                                                                                      • Instruction ID: f6ce036fb61e86fdec571aaa5d3b8894eadeaee6609fe5eaa57f9605d0e99c81
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d2f3ae256d7fe98010c1251ad959e950f934e57ea2f154c22d133113acd6320
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C011D3326002049BC7219FB9CC49E5B7BFADF85724725C429E919CB762EB36C8468791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • strcat_s.MSVCR100(6CF06E28,6CF06E07,6CF06E18,?,00000083,00000083,?,6CF06E1C,6CF06E07,6CF06E28,00000002,6CF06E28,6CF06E07,?,00000000,00000000), ref: 6CF04D75
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000,6CF06E07,6CF06E28,00000002,6CF06E28,6CF06E07,?,00000000,00000000,00000005), ref: 6CF30AC5
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF30AD0
                                                                                                                                                                                                      • _strcspn.LIBCMT(00000000,_.,,00000000,00000000,00000005), ref: 6CF30ADE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __invoke_watson$_strcspnstrcat_s
                                                                                                                                                                                                      • String ID: _.,
                                                                                                                                                                                                      • API String ID: 4004410220-2709443920
                                                                                                                                                                                                      • Opcode ID: 77a777c9c3a1aaba8b1b1156eddbb2cf41735489135b4035ca5aceaacc75ada7
                                                                                                                                                                                                      • Instruction ID: c295cdc2e51841efd6ef56db9915d2e4fe51922880adb30997b35b9ff3d121b4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77a777c9c3a1aaba8b1b1156eddbb2cf41735489135b4035ca5aceaacc75ada7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CF0F073604299BB8B001E25EC408CF3B69FF8062CB11293BFD2C91A40C771D4569AA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 6CF0C5B0
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000018,00000014,6CF0C631,00000000,00000000,?), ref: 6CF0C5BD
                                                                                                                                                                                                        • Part of subcall function 6CF00B31: malloc.MSVCR100(00000001,00000001,00000001,?,6CF0A974,00000018,6CF0A948,0000000C,6CF274F7,00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF00B3D
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?,00000001,00000014,6CF0C631,00000000,00000000), ref: 6CF272C0
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF0C631,6CF0C888,?,00000001,00000014), ref: 6CF272D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionH_prolog3_catchThrow_malloc_crtmallocstd::exception::exception
                                                                                                                                                                                                      • String ID: bad allocation
                                                                                                                                                                                                      • API String ID: 2340149201-2104205924
                                                                                                                                                                                                      • Opcode ID: 24cc670112eeeb3565afc6af8defe198c333a33e41aa9836465ef0c2a8391612
                                                                                                                                                                                                      • Instruction ID: 8e69f8bf9542cc4389fe43594e0841cd091472708955066673a7b78645dee477
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24cc670112eeeb3565afc6af8defe198c333a33e41aa9836465ef0c2a8391612
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D0121756442089FDF08DF94C866FDD7BB8AF08714F10846AE504ABBA0CBB49904AF65
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___libm_error_support.LIBCMT ref: 6CEF3E65
                                                                                                                                                                                                        • Part of subcall function 6CF9B308: DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,6CF195C3), ref: 6CF9B326
                                                                                                                                                                                                        • Part of subcall function 6CF9B308: _errno.MSVCR100 ref: 6CF9B3C5
                                                                                                                                                                                                      • __ctrlfp.LIBCMT ref: 6CF9B717
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecodePointer___libm_error_support__ctrlfp_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3902546397-0
                                                                                                                                                                                                      • Opcode ID: 6d4f948872e434fdf3b5df42d9571fd167e4a68a2135e782ad4e806af77be843
                                                                                                                                                                                                      • Instruction ID: 25f5bf24a18a7f1091856d6348a658db0585916b0b5de5acc7e620608b340de4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d4f948872e434fdf3b5df42d9571fd167e4a68a2135e782ad4e806af77be843
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23514662808705E9EF116B39D8462AEBBB4FF86794F10CF5AF9D851680EF309599C213
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strnicmp.MSVCR100(00000000,00000000,00000000,00000000,00000000), ref: 6CF6100C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strnicmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2635805826-0
                                                                                                                                                                                                      • Opcode ID: 97e9a17159df900e2c9432a234bd104b95ee29784a787be956378dba4387d4f5
                                                                                                                                                                                                      • Instruction ID: fd8b5666a1741aad9c93bf5af637830a3c597e7cc4e6a4e773534e8468ad2541
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97e9a17159df900e2c9432a234bd104b95ee29784a787be956378dba4387d4f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2351FE72808299EADF188F66C0507EA7BB0FF01728F25C2D9D4A11BDE2D371CA85E750
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • strncmp.MSVCR100(?,?,00000000,00000080,00000080), ref: 6CF602FE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1114863663-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • strncmp.MSVCR100(00000000,?,00000000,?,?), ref: 6CF60C19
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?), ref: 6CF60C3F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?), ref: 6CF60C4A
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?), ref: 6CF60C6E
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?), ref: 6CF60C79
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameterstrncmp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2244377858-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(000000C0,71328D80), ref: 6CF46B6A
                                                                                                                                                                                                        • Part of subcall function 6CF0232B: malloc.MSVCR100(?), ref: 6CF02336
                                                                                                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 6CF46C64
                                                                                                                                                                                                        • Part of subcall function 6CF49684: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 6CF496E8
                                                                                                                                                                                                        • Part of subcall function 6CF49684: GetLastError.KERNEL32(?,00000000), ref: 6CF496F5
                                                                                                                                                                                                        • Part of subcall function 6CF49684: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000), ref: 6CF4970D
                                                                                                                                                                                                        • Part of subcall function 6CF49684: _CxxThrowException.MSVCR100(?,6CFA0C48,00000000,?,00000000), ref: 6CF4971B
                                                                                                                                                                                                        • Part of subcall function 6CF49684: GetLastError.KERNEL32(?,00000000), ref: 6CF49742
                                                                                                                                                                                                        • Part of subcall function 6CF49684: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000), ref: 6CF4975A
                                                                                                                                                                                                        • Part of subcall function 6CF49684: GetLastError.KERNEL32(?,00000000), ref: 6CF4977D
                                                                                                                                                                                                        • Part of subcall function 6CF49684: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000), ref: 6CF49795
                                                                                                                                                                                                        • Part of subcall function 6CF3865E: _memset.LIBCMT(?,00000000,0000000C,6CF3869C), ref: 6CF38663
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF46BFC
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF46C15
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF46C24
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLast$ExceptionThrow$??2@CreateEventMultipleObjectsWait_memsetmalloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2739790103-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryDepthSList.KERNEL32(80000000,-00000001,00000000,?,?,?,6CF39337,00000000,?,00000000,6CF3F733,00000000,00000000,00000000,00000000,00000000), ref: 6CF43DC4
                                                                                                                                                                                                      • InterlockedPushEntrySList.KERNEL32(80000008,-000000C8,?,6CF39337,00000000,?,00000000,6CF3F733,00000000,00000000,00000000,00000000,00000000,?,?,6CF36817), ref: 6CF43DDB
                                                                                                                                                                                                      • QueryDepthSList.KERNEL32(80000008,?,6CF39337,00000000,?,00000000,6CF3F733,00000000,00000000,00000000,00000000,00000000,?,?,6CF36817,?), ref: 6CF43DE2
                                                                                                                                                                                                      • InterlockedFlushSList.KERNEL32(80000008,?,6CF39337,00000000,?,00000000,6CF3F733,00000000,00000000,00000000,00000000,00000000,?,?,6CF36817,?), ref: 6CF43E11
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List$DepthInterlockedQuery$EntryFlushPush
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4063097673-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF0E37C: DName::operator+.LIBCMT ref: 6CF0E3E8
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 6CF0E49E
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 6CF0E4A5
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2943138195-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,?,?,?,?,?,?,6CF11E78,0000000C), ref: 6CF11E07
                                                                                                                                                                                                      • __freebuf.LIBCMT ref: 6CF11E18
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(?,?,?,?,?,?,?,6CF11E78,0000000C), ref: 6CF11E3E
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,?,?,?,6CF11E78,0000000C), ref: 6CF28E8D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,?,?,?,6CF11E78,0000000C), ref: 6CF28E98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __freebuf_errno_invalid_parameter_noinfo_lock_file_malloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1322749186-0
                                                                                                                                                                                                      • Opcode ID: 7db42fad4eb6a63dbf1f49a3aeaad218a96fbb84f15169c30367aa26fa656bab
                                                                                                                                                                                                      • Instruction ID: 9640e842fd3c980fb239171d798d5870af128206a07132c1f7d1aa573c6cecec
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7db42fad4eb6a63dbf1f49a3aeaad218a96fbb84f15169c30367aa26fa656bab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2121E272A09B028AE7208FE5C4817DF77A0AF11739F20C61AD4629FEE0DB78E505CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFileType.KERNEL32(?,?,?,6CF78C18,0000000C), ref: 6CF78B34
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,6CF78C18,0000000C), ref: 6CF78B3E
                                                                                                                                                                                                      • __dosmaperr.LIBCMT(00000000,?,?,6CF78C18,0000000C), ref: 6CF78B45
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF78C18,0000000C), ref: 6CF78B75
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,?,6CF78C18,0000000C), ref: 6CF78B80
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFileLastType__doserrno__dosmaperr_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3203400888-0
                                                                                                                                                                                                      • Opcode ID: c4da50b5ba3bcc3abd3c5f74ec0b4ff50b91876ae53c1fa8b6979f96966f3db9
                                                                                                                                                                                                      • Instruction ID: ea83ee1febbff5414b06dfd07b978e1596b4fc31f6537a3c252a4f0fdf9be5dd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4da50b5ba3bcc3abd3c5f74ec0b4ff50b91876ae53c1fa8b6979f96966f3db9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 802148B16416449EDF218FACE8013CD7B70AF42328F189707D424AFAD2C7758145EF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF42EC1
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000028,6CF3EF6A,00000000,?,00000000), ref: 6CF42ECD
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000), ref: 6CF42EF2
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF42F4F
                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCR100(?), ref: 6CF42F5D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterH_prolog3Leave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4250467438-0
                                                                                                                                                                                                      • Opcode ID: 688c4c0f2d9b18cc1f9754a3aadb91e2da835705011dd29fc472dbe4607a4d64
                                                                                                                                                                                                      • Instruction ID: 4bed78f38ce00d6b2b2086965621da0fb050e3de36e9a71593ad20b8cc98e807
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 688c4c0f2d9b18cc1f9754a3aadb91e2da835705011dd29fc472dbe4607a4d64
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 322163717012069FDB08CFB9D599A6EBBF4BF45324B90C479E416DBA62DB32D940CB20
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__mbsrtowcs_helper_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2140840981-0
                                                                                                                                                                                                      • Opcode ID: 9cb5d0bc03f75acf702224edc93ec18035c9734200fcff1bb3d4aa36f852af64
                                                                                                                                                                                                      • Instruction ID: 6391106a89af19c24c12049b505ed4b8c6c62176259d4844d55636456b9cfb35
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cb5d0bc03f75acf702224edc93ec18035c9734200fcff1bb3d4aa36f852af64
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F11B432600A56DFC711AE68D80469B37B4FF68B29F611616EA2287E90D730C530C7D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcsnicoll_l.MSVCR100(?,?,?,00000000), ref: 6CF10AB5
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2C7B6
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2C7C1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo_wcsnicoll_l
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1358483507-0
                                                                                                                                                                                                      • Opcode ID: 21363cb7f5b1ce440dee0ee0068097618cd444c8c62fe559e1a8edd719c1b583
                                                                                                                                                                                                      • Instruction ID: f586fcfbb6c32ba8eea9323bbf55441e11042930363716afc1d98a56e7d7c51d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21363cb7f5b1ce440dee0ee0068097618cd444c8c62fe559e1a8edd719c1b583
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6112332641195CBFF242ED4C8503FA32E0EB01769F60811AF8A48BE90CBBCC840D3E2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.MSVCR100(?,?,?,6CF1094E,?,6CF10980,0000000C,6CF109B6,Function_00011614,?,?,00000000,?), ref: 6CF10692
                                                                                                                                                                                                      • _isatty.MSVCR100(00000000,?,?,?,6CF1094E,?,6CF10980,0000000C,6CF109B6,Function_00011614,?,?,00000000,?), ref: 6CF10698
                                                                                                                                                                                                      • __p__iob.MSVCR100(?,?,6CF1094E,?,6CF10980,0000000C,6CF109B6,Function_00011614,?,?,00000000,?), ref: 6CF28A2D
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00001000,?,?,?,?,6CF1094E,?,6CF10980,0000000C,6CF109B6,Function_00011614,?,?,00000000,?), ref: 6CF28A71
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __p__iob_fileno_isatty_malloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 301265415-0
                                                                                                                                                                                                      • Opcode ID: d92d6e20cd3ea497872309f95bc2340e4c6f770b56e2c4ce64154c6b1ea53cfb
                                                                                                                                                                                                      • Instruction ID: 83c7bbeecff89923691fb5945f1500800ef2bd876254330610310ff28577a6f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d92d6e20cd3ea497872309f95bc2340e4c6f770b56e2c4ce64154c6b1ea53cfb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 111173B3918742AED3649F6AD451687B7F8EF45398B10892FD1D6C3A00E7B8E4548F90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.MSVCR100(?,6CF12640,00000008), ref: 6CF125C8
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,?,6CF12640,00000008), ref: 6CF125D0
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _fileno.MSVCR100(?,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5C4
                                                                                                                                                                                                        • Part of subcall function 6CF0A595: _write.MSVCR100(00000000,?,?,?,?,?,?,6CF0A830,?), ref: 6CF0A5CB
                                                                                                                                                                                                      • _lseek.MSVCR100(00000000,00000000,00000000,?,?,6CF12640,00000008), ref: 6CF1261D
                                                                                                                                                                                                      • _errno.MSVCR100(6CF12640,00000008), ref: 6CF28E56
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF12640,00000008), ref: 6CF28E61
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno$_errno_invalid_parameter_noinfo_lock_lock_file_lseek_write
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2790466172-0
                                                                                                                                                                                                      • Opcode ID: 30db1b28cd24f8ea573bf9811b72410f696adc029eb63163c8ac812ea6127265
                                                                                                                                                                                                      • Instruction ID: 48c787d09b061543afc04fb27592393fa409f4058a8ae5c9bcc1a4ac30b5c582
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30db1b28cd24f8ea573bf9811b72410f696adc029eb63163c8ac812ea6127265
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86112773605A408FD7104FF898955AE3BE0AF43638B15C319D4398BED1DB399A059B11
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0BE40,0000000C), ref: 6CF0BE66
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF0BE40,0000000C), ref: 6CF294A7
                                                                                                                                                                                                        • Part of subcall function 6CF0BBE4: _lock.MSVCR100(00000001,6CF0BC30,00000010,6CF0BE02,6CF0BE40,0000000C), ref: 6CF0BBF9
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0BE40,0000000C), ref: 6CF294B3
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0BE40,0000000C), ref: 6CF294C0
                                                                                                                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT(6CFA4610,?,000000FE,6CF0BE40,0000000C), ref: 6CF294D6
                                                                                                                                                                                                        • Part of subcall function 6CF0BCC7: _wsopen_s.MSVCR100(?,?,00000000,?,00000180,00000000,?,?), ref: 6CF0BD91
                                                                                                                                                                                                        • Part of subcall function 6CF0BE5C: _unlock_file.MSVCR100(?,6CF0BE36), ref: 6CF0BE5F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$CallFilterFunc@8_invalid_parameter_noinfo_lock_unlock_file_wsopen_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1609081514-0
                                                                                                                                                                                                      • Opcode ID: f13da8ffb1873779925860eaa45cdf181c88ed5f921290930286ae503bc7a7ac
                                                                                                                                                                                                      • Instruction ID: e11f01f667b95355710807c91903e7aebab491b6d7507f4e507c469f673f6d6d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f13da8ffb1873779925860eaa45cdf181c88ed5f921290930286ae503bc7a7ac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3211C271E00609DECB00AFA88C605EF76A5BF45B24B35CE11D424DBB90DF798A44ABA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6CF3079E
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 6CF307AA
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF307B2
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 6CF307BA
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 6CF307C6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                                      • Opcode ID: 7c1f6baefababe672905bc16d379deb2d501076b15776105354cd945198acf3d
                                                                                                                                                                                                      • Instruction ID: ecdc5ed0adb287e502c18cb03775a3585dba63e1195662f882a27852e642dc40
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c1f6baefababe672905bc16d379deb2d501076b15776105354cd945198acf3d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A31156B6E00228EBDF109BF9D84865EFBF4EF89355F620511D425E7600DBB0D9408BD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcslen.LIBCMT(?,6CF12F60,00000010), ref: 6CF12F44
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,?,6CF12F60,00000010), ref: 6CF12F4F
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fputwc_nolock.MSVCR100(?,?,?,?,?,?,?,?,6CF12F60,00000010), ref: 6CF12F94
                                                                                                                                                                                                      • _errno.MSVCR100(6CF12F60,00000010), ref: 6CF286E9
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF12F60,00000010), ref: 6CF286F4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_fputwc_nolock_invalid_parameter_noinfo_lock_lock_file_wcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 674470822-0
                                                                                                                                                                                                      • Opcode ID: bc7aeeaf2b41855f5eb3e4e47b8d0a4f707e7fc33e6cb3b7251217782e61bd5c
                                                                                                                                                                                                      • Instruction ID: eaebe3aff363b3a201a5a695a5f80ad09782b25f77eb19f6b4990358c75608c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc7aeeaf2b41855f5eb3e4e47b8d0a4f707e7fc33e6cb3b7251217782e61bd5c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97116136B08219DBDF109FE8D8055ED77B0FF06B24F21C626F4109AE94CB7A8944AB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CF276A1,?,6CF0B8C3,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF4C352
                                                                                                                                                                                                      • free.MSVCR100(00000000,?,?,6CF276A1,?,6CF0B8C3,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF4C355
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(00000001,?,?,6CF276A1,?,6CF0B8C3,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF4C37C
                                                                                                                                                                                                      • DecodePointer.KERNEL32(00000001,6CF276A1,?,6CF0B8C3,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF4C6F8
                                                                                                                                                                                                      • TlsFree.KERNEL32(00000001,6CF276A1,?,6CF0B8C3,6CF01DE0,00000008,6CF01E16,00000001,?), ref: 6CF4C716
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalDeleteSection$DecodeFreePointerfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1464103408-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo_wmemsetmemcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 286551074-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo_memsetmemcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2314827996-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WaitForMultipleObjects.KERNEL32(?,?,00000000,000000FF), ref: 6CF40F18
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF40F1F
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF40F38
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(00000000,6CFA0C48,00000000), ref: 6CF40F47
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6CF40F4F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHandleLastMultipleObjectsThrowWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1291167946-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF7C42B,00000000,?,00000000), ref: 6CF7E48D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF7C42B,00000000,?,00000000), ref: 6CF7E497
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 6CF7E4AA
                                                                                                                                                                                                      • __cftoe.LIBCMT(00000000,?,?,00000000,000000FF,?,?,6CF7C42B,00000000,?,00000000), ref: 6CF7E4B8
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF7E4D3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __cftoe__get_sys_err_msg__invoke_watson_errno_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1727381857-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,6CF0238F,?,?,?,00000000,?), ref: 6CF293B8
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,6CF0238F,?,?,?,00000000,?), ref: 6CF293C3
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,6CF0238F,?,?,?,00000000,?), ref: 6CF293CD
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF293E4
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,6CF0238F,?,?,?,00000000,?), ref: 6CF293EF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2819658684-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0,?,6CF0B911), ref: 6CF0AA51
                                                                                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0,?,6CF0B911), ref: 6CF0AA5E
                                                                                                                                                                                                      • _msize.MSVCR100(00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA7B
                                                                                                                                                                                                        • Part of subcall function 6CF025DA: HeapSize.KERNEL32(00000000,00000000,?,6CF0AA80,00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?), ref: 6CF025F4
                                                                                                                                                                                                      • EncodePointer.KERNEL32(?,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA97
                                                                                                                                                                                                      • EncodePointer.KERNEL32(-00000004,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF0AA9F
                                                                                                                                                                                                      • _realloc_crt.MSVCR100(00000000,00000800,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF1283A
                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?,?,?,?,?,6CF0AA03,?,6CF0AA20,0000000C,6CF0C551,?,?,6CF0C455,6CF270E0), ref: 6CF12850
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 765448609-0
                                                                                                                                                                                                      • Opcode ID: dcf1b78145b3703a9f70c4c37cb4a67a907fac7630208251166dc2b7ef5a2c7a
                                                                                                                                                                                                      • Instruction ID: 6d1c3f2e3064529316e6292b57ba5796c289ac4b6fecd75a1070c4098fd14b73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dcf1b78145b3703a9f70c4c37cb4a67a907fac7630208251166dc2b7ef5a2c7a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9F04476B10219ABDB019FB9DC849C9BBF9FB86260311053BE505E3610DB72E8458BD4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(?,?,?,6CF7DAC9,00000000,?,00000000), ref: 6CF7EE6E
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,?,?,6CF7DAC9,00000000,?,00000000), ref: 6CF7EE78
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • __get_sys_err_msg.LIBCMT ref: 6CF7EE91
                                                                                                                                                                                                      • strncpy_s.MSVCR100(?,?,00000000,?,?,?,?,6CF7DAC9,00000000,?,00000000), ref: 6CF7EE9C
                                                                                                                                                                                                      • __invoke_watson.LIBCMT(00000000,00000000,00000000,00000000,00000000), ref: 6CF7EEAD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __get_sys_err_msg__invoke_watson_errno_invalid_parameter_invalid_parameter_noinfostrncpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 161604870-0
                                                                                                                                                                                                      • Opcode ID: 02ba4e05f6feedd975f4bf243cc99453f459085dabea20648c5a8f2298ebc26f
                                                                                                                                                                                                      • Instruction ID: 3fe81bd6f610cc418460b78a022eebdd5762fe8f420c1cd7a2b0843c5e63d510
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02ba4e05f6feedd975f4bf243cc99453f459085dabea20648c5a8f2298ebc26f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CF0A7721001186F97216FA5EC008EF3B9CEFC46A8B110423F91C86A50DB328955D6F0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5AF8D
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5AF98
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5AFB8
                                                                                                                                                                                                      • _localtime64_s.MSVCR100(?,?), ref: 6CF5AFCA
                                                                                                                                                                                                        • Part of subcall function 6CF16924: _memset.LIBCMT(?,000000FF,00000024), ref: 6CF1694D
                                                                                                                                                                                                        • Part of subcall function 6CF16924: _get_daylight.MSVCR100(?), ref: 6CF16989
                                                                                                                                                                                                        • Part of subcall function 6CF16924: _get_dstbias.MSVCR100(?), ref: 6CF1699B
                                                                                                                                                                                                        • Part of subcall function 6CF16924: _get_timezone.MSVCR100(?), ref: 6CF169AD
                                                                                                                                                                                                        • Part of subcall function 6CF16924: _gmtime64_s.MSVCR100(?,?), ref: 6CF169E1
                                                                                                                                                                                                      • __wasctime.LIBCMT(?), ref: 6CF5AFD9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$__wasctime_get_daylight_get_dstbias_get_timezone_gmtime64_s_invalid_parameter_invalid_parameter_noinfo_localtime64_s_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 957981164-0
                                                                                                                                                                                                      • Opcode ID: c5319b1d53e11eb2409a71b49b5b4708bb1cfd9fd597fa7d069d15914fe2a3a6
                                                                                                                                                                                                      • Instruction ID: f09ddba7485f743f00fd0788c878a8c806f932caad1b7606836f6bcff76d74d2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5319b1d53e11eb2409a71b49b5b4708bb1cfd9fd597fa7d069d15914fe2a3a6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3F0AFB1A08208DEDB009FA9D814BEA77F8AF1931CF95001AC601D7A80EF71D568D7B0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _control87.MSVCR100(00000001,?,00000000,?,6CF4CD13,00000000,00010000,00030000,?,6CF31D4E,?,6CF0C434,?,?,6CF0B911,00000000), ref: 6CF0C3E3
                                                                                                                                                                                                      • _control87.MSVCR100(00000000,00000000,00000000,?,6CF4CD13,00000000,00010000,00030000,?,6CF31D4E,?,6CF0C434,?,?,6CF0B911,00000000), ref: 6CF324B3
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,?,6CF4CD13,00000000,00010000,00030000,?,6CF31D4E,?,6CF0C434,?,?,6CF0B911,00000000), ref: 6CF324BC
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,?,6CF4CD13,00000000,00010000,00030000,?,6CF31D4E,?,6CF0C434,?,?,6CF0B911,00000000), ref: 6CF324C6
                                                                                                                                                                                                      • _control87.MSVCR100(00000001,?,00000000,?,6CF4CD13,00000000,00010000,00030000,?,6CF31D4E,?,6CF0C434,?,?,6CF0B911,00000000), ref: 6CF324D2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _control87$_errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1498936549-0
                                                                                                                                                                                                      • Opcode ID: 653d937e653dbae3c2be1c4975eef3d19483455eb323603dde9f1e342fa2f7e0
                                                                                                                                                                                                      • Instruction ID: ab0f4ef4abc6650f1cae39f663ecb3e68fb7d8c1b225ecabd996a78f77b5a33a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 653d937e653dbae3c2be1c4975eef3d19483455eb323603dde9f1e342fa2f7e0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5F0F073758724ABD7246FA8D851BDA3398AF04F24F20400EF8589BB81DB70E80052E5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5AE92
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF5AE9D
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF5AEB5
                                                                                                                                                                                                      • __localtime32_s.LIBCMT(?,?), ref: 6CF5AEC7
                                                                                                                                                                                                        • Part of subcall function 6CF5960C: _errno.MSVCR100(?,?,?,?), ref: 6CF59628
                                                                                                                                                                                                        • Part of subcall function 6CF5960C: _invalid_parameter_noinfo.MSVCR100(?,?,?,?), ref: 6CF59632
                                                                                                                                                                                                      • __wasctime.LIBCMT(?), ref: 6CF5AED6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo$__localtime32_s__wasctime_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2302537511-0
                                                                                                                                                                                                      • Opcode ID: 7c6828c505bdaf51ac6ea1a9d1164e535f34648dfda135e4a541c1f5cda0a361
                                                                                                                                                                                                      • Instruction ID: 8fc3ec1becb3890c2910cb7aab592ed2bc6f7c778b813f96a85fcede0e670eb1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c6828c505bdaf51ac6ea1a9d1164e535f34648dfda135e4a541c1f5cda0a361
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44F06D71B04208DFDB00DFAAD854BDA77F8AF59318F840425C600E7A90EF74D9689670
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF0A6B0
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF3040F
                                                                                                                                                                                                      • _errno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF30417
                                                                                                                                                                                                      • _errno.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF3042A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(?,6CF785C4,?,?,?,?,?,?,6CF2FDE3,?,00000000,00000000,00000002,?,00000002,?), ref: 6CF30435
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2315031519-0
                                                                                                                                                                                                      • Opcode ID: bdc9802e8004fe1f9c265797676703c5f7c0fc043f9d9e3115799b9c8f0f799c
                                                                                                                                                                                                      • Instruction ID: 5289d882ab1732dbf529e300aab3a68db2c5058d8f74077780984df3b1c94de7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdc9802e8004fe1f9c265797676703c5f7c0fc043f9d9e3115799b9c8f0f799c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66F09A32364284CBD3115FA8D5603AA7AF4AF82B29F125281D4288BFD1DFB4984296A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF53C9F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF53CAA
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF53CBC
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF53CC7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1328987296-0
                                                                                                                                                                                                      • Opcode ID: 1e3cfb8cf464e90e68134e5ca42d8be23a5957681d7af9dfe7a54467c7e9c6ae
                                                                                                                                                                                                      • Instruction ID: feeec58ce30c6191ecc77d618a7a78fd4fcbf4b9f41c9331e453e16aea164850
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e3cfb8cf464e90e68134e5ca42d8be23a5957681d7af9dfe7a54467c7e9c6ae
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBF082316846189ADB551FBCD8103DA3BD8BF41338F918726E5789BAD0CF71C46897A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF3B72F: __EH_prolog3.LIBCMT ref: 6CF3B736
                                                                                                                                                                                                      • TlsAlloc.KERNEL32 ref: 6CF40093
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF400A3
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF400BC
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(00000000,6CFA0C48,00000000), ref: 6CF400CB
                                                                                                                                                                                                      • Concurrency::details::UMSThreadScheduler::OneShotStaticConstruction.LIBCMT ref: 6CF400D0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConstructionErrorExceptionH_prolog3LastScheduler::ShotStaticThreadThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3767078539-0
                                                                                                                                                                                                      • Opcode ID: 26c2c796a68a0eae5182fba7541951d0d461410ff6a75a6bfe4c47b9c627ae92
                                                                                                                                                                                                      • Instruction ID: 96d28b5f49d6a0938e24309be52e177266e22113c671fb6559f0130c38d287ea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26c2c796a68a0eae5182fba7541951d0d461410ff6a75a6bfe4c47b9c627ae92
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCF02E72A2414496C7006BF89C0976E76B8AF41318F108B3AE43DC2AC1FF38C5085A96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 6CEF447D
                                                                                                                                                                                                        • Part of subcall function 6CF18900: __87except.LIBCMT ref: 6CF1893B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorHandling__87except__start
                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                      • API String ID: 2905807303-2276729525
                                                                                                                                                                                                      • Opcode ID: 05afe405e09dfeb8afc147e225f53f951a03ca15060cb4e82ea597628b41e7d0
                                                                                                                                                                                                      • Instruction ID: 043306200fcdb6c2d3a721fffe7d807705e63b73211a959f4ed9c6477a1b5385
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05afe405e09dfeb8afc147e225f53f951a03ca15060cb4e82ea597628b41e7d0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C515C71A0D24186D7016A18D70035E7BF4EB8371CF70895BE4F592FD4EF39859B8A46
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,?,?,00000000,?,00000000), ref: 6CF3D032
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,?,00000000,?,?,00000000,?,00000000), ref: 6CF3D045
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _memset
                                                                                                                                                                                                      • String ID: $$,
                                                                                                                                                                                                      • API String ID: 2102423945-53852779
                                                                                                                                                                                                      • Opcode ID: e2d83b1a819bed4c5a230ef617da4e9fa3b3306b2f05e93d613d94c158604098
                                                                                                                                                                                                      • Instruction ID: 9c7ad563576314360c1df0d1c8e71a41852feeac0b0421ecb03a34c83200e4de
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2d83b1a819bed4c5a230ef617da4e9fa3b3306b2f05e93d613d94c158604098
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B4160B1A04228BFDF01EFB8C880AEEBBB5EF08744F105155E819A7700D775AA558BE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo_wcslen
                                                                                                                                                                                                      • String ID: I
                                                                                                                                                                                                      • API String ID: 3151729805-3707901625
                                                                                                                                                                                                      • Opcode ID: bc2f1c89c1078759f039ebf9d7a560c37cda189c6bed76a8749f1f0e7870672c
                                                                                                                                                                                                      • Instruction ID: 0b9e2fc44c0813aaa81ceca3aa23169253b7746c5752f144ae4017bc7bcdc254
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc2f1c89c1078759f039ebf9d7a560c37cda189c6bed76a8749f1f0e7870672c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54014F72D002099BDF108FA5DC056EF7BB5AF44728F104616E534A66D0D779C215CBE5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo_strlen
                                                                                                                                                                                                      • String ID: I
                                                                                                                                                                                                      • API String ID: 1245117036-3707901625
                                                                                                                                                                                                      • Opcode ID: 9146ea79b0e2cd0930d0f7a61baddf571fc6d02051e8e8fa25010579097adb09
                                                                                                                                                                                                      • Instruction ID: 67b0618914832f370e3e9bff283c80166f7fbc2733b91c20702daad2dc6c1f69
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9146ea79b0e2cd0930d0f7a61baddf571fc6d02051e8e8fa25010579097adb09
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B701A272C0024EABDF109FA4C800AEE7BB5BF44728F10421AE520B6280DB78C611CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6CF74035
                                                                                                                                                                                                        • Part of subcall function 6CF73874: DecodePointer.KERNEL32(6CF738B0,00000008,6CF743D7,6CF743F8,0000000C,6CF7444F,?,?,00000003,00000000,6CF744A8,00000008,6CF2CB2F,?,00000000,00000003), ref: 6CF73886
                                                                                                                                                                                                        • Part of subcall function 6CF73874: ?terminate@@YAXXZ.MSVCR100(?,00000000,00000003,?), ref: 6CF738A6
                                                                                                                                                                                                      • ?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6CF74040
                                                                                                                                                                                                      • ?_inconsistency@@YAXXZ.MSVCR100(?,00000000,?,00000000,00000000), ref: 6CF7406B
                                                                                                                                                                                                      • ?raw_name@type_info@@QBEPBDXZ.MSVCR100(0000005E,?,00000000,?,00000000,00000000), ref: 6CF74089
                                                                                                                                                                                                      • strcmp.MSVCR100(00000000,0000005E,?,00000000,?,00000000,00000000), ref: 6CF7408F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ?_inconsistency@@$?raw_name@type_info@@?terminate@@DecodePointerstrcmp
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2672297707-1018135373
                                                                                                                                                                                                      • Opcode ID: 0e10fbcdc216a47d976a5216acc1823d21fb8472fe0e0d95f87f5171ea74f30f
                                                                                                                                                                                                      • Instruction ID: c181d747e8ba384d939e937dc0533d21ef25e982bebeb07e34aab0c35df011cf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e10fbcdc216a47d976a5216acc1823d21fb8472fe0e0d95f87f5171ea74f30f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFF0C8374406209B8E31CF65B44450ABBB9AE85768719470BCC9497F10C730F9058EF2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7EAE7
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7EAF2
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF7EB0B
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF7EB16
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1328987296-0
                                                                                                                                                                                                      • Opcode ID: 1d21298c185a489d5243185a17ccecaf2bcb37292b0f8223cf50577ae131f7b6
                                                                                                                                                                                                      • Instruction ID: e268df12cb60733dacb5ade274622eac854d5a6b55e8088cc3df3805ce3e72bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d21298c185a489d5243185a17ccecaf2bcb37292b0f8223cf50577ae131f7b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45A10135A042598FCB21CF69A8806DE7FB6AF9A308F24819BEC6597744D630D951CBF0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2959964966-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCR100(00000000,00000000), ref: 6CF36DA2
                                                                                                                                                                                                      • _memset.LIBCMT(00000000,00000000,?,00000000,00000000), ref: 6CF36DB5
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(0000000C,00000000,00000000,?,00000000,00000000), ref: 6CF36DBC
                                                                                                                                                                                                      • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?,?,?,?,?,00000000), ref: 6CF36E07
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4058414921-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,759230B0,?,?,6CF40F0E), ref: 6CF40F81
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?), ref: 6CF41062
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF4106F
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$??3@EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3906572401-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF4844F
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF48484
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF338A8,6CFA0C0C,?,?), ref: 6CF48492
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?,?), ref: 6CF48567
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1840351702-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ.MSVCR100(6CF36670,0000002C,6CF369E3,00000000,-00000004,-00000004,00000000,00000000,?,6CF3F7B0,?,00000000,?,?,6CF39ADB,?), ref: 6CF3652C
                                                                                                                                                                                                        • Part of subcall function 6CF36E52: _SpinWait.LIBCMT(00000FA0,00000FA0,?,6CF3AB8A,00000000), ref: 6CF36E6C
                                                                                                                                                                                                      • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR100(6CF36670,0000002C,6CF369E3,00000000,-00000004,-00000004,00000000,00000000,?,6CF3F7B0,?,00000000,?,?,6CF39ADB,?), ref: 6CF36572
                                                                                                                                                                                                      • ?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ.MSVCR100(6CF36670,0000002C,6CF369E3,00000000,-00000004,-00000004,00000000,00000000,?,6CF3F7B0,?,00000000,?,?,6CF39ADB,?), ref: 6CF365C2
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,6CF36670,0000002C,6CF369E3,00000000,-00000004,-00000004,00000000,00000000,?,6CF3F7B0,?,00000000,?,?,6CF39ADB), ref: 6CF365E2
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency@@Spin$AcquireLock@details@ReaderWrite@_Writer$A@@details@Once@?$_SleepWaitWait@$0
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 947146699-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2959964966-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _towlower_l.MSVCR100(?,?,?), ref: 6CF10E07
                                                                                                                                                                                                        • Part of subcall function 6CF0254C: iswctype.MSVCR100(?,00000001,?,?,?,?,?,?,?), ref: 6CF02590
                                                                                                                                                                                                      • _towlower_l.MSVCR100(?,?,?,?,?), ref: 6CF10E17
                                                                                                                                                                                                      • _errno.MSVCR100 ref: 6CF2C6C3
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100 ref: 6CF2C6CE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _towlower_l$_errno_invalid_parameter_noinfoiswctype
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2204055994-0
                                                                                                                                                                                                      • Opcode ID: c62b32d6ea28998e8d4cd499b6f4a9f5f98c2951b40b5d7c84900ea7f25c408a
                                                                                                                                                                                                      • Instruction ID: 237a6ded70a58649caeaf7ef01a8e55c5de9d205ce9e3131f220f85994456b12
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c62b32d6ea28998e8d4cd499b6f4a9f5f98c2951b40b5d7c84900ea7f25c408a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34212B72506196C7EB20AFEAC880BFA3AB4FB01719F600516E864DBA80D778C950D770
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DEE
                                                                                                                                                                                                      • _get_osfhandle.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DF8
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16DFF
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF16E06
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?,?,?,?,6CF0A795,?,6CF0A7B0,00000010), ref: 6CF0A6C5
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: _get_osfhandle.MSVCR100(?), ref: 6CF0A6E8
                                                                                                                                                                                                        • Part of subcall function 6CF0A6BA: FindCloseChangeNotification.KERNELBASE(00000000), ref: 6CF0A6EF
                                                                                                                                                                                                      • _errno.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF30531
                                                                                                                                                                                                      • __doserrno.MSVCR100(?,00000000,?,?,?,6CF16D4C,?,?,6CF16D68,00000010), ref: 6CF3053C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _get_osfhandle$CurrentProcess$ChangeCloseDuplicateFindHandleNotification__doserrno_errno
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2004342405-0
                                                                                                                                                                                                      • Opcode ID: 82b2d6806d9901104f961a2ed055bba7ceed4999b70565dc2dd1fdfd5a05a85e
                                                                                                                                                                                                      • Instruction ID: dd45852a64139986d98d9acfb3ef885adae3e4474971fd4751ca4cdacd84da49
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82b2d6806d9901104f961a2ed055bba7ceed4999b70565dc2dd1fdfd5a05a85e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B931FD36614685AFDB01CFA8D890BD53BF9EF0A308B154199E958CF662CB71EA05CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF3A7F9: _fabs.LIBCMT(00000000,00000000,00000000,00000000,?,6CF3A727,00000000,00000000,?,6CF3A51B), ref: 6CF3A831
                                                                                                                                                                                                      • sqrt.MSVCR100(?,?,?,?,?), ref: 6CF3A6AF
                                                                                                                                                                                                      • _fabs.LIBCMT(?,?,?,?,?), ref: 6CF3A6BD
                                                                                                                                                                                                        • Part of subcall function 6CF8122F: __ctrlfp.LIBCMT ref: 6CF81248
                                                                                                                                                                                                        • Part of subcall function 6CF8122F: __except1.LIBCMT ref: 6CF81294
                                                                                                                                                                                                      • _fabs.LIBCMT(?,?,?,?,?), ref: 6CF3A6DE
                                                                                                                                                                                                      • exp.MSVCR100(?,?,?,?,?), ref: 6CF3A6EC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fabs$__ctrlfp__except1sqrt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2723176039-0
                                                                                                                                                                                                      • Opcode ID: ac48756a60c6466974e1c4a16777fba5316f44bfc83af7541f1f6e82968d39a0
                                                                                                                                                                                                      • Instruction ID: 44de8f58ab998ea97658d20c7635630dc34deed931ebeac4d64c01043deb235e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac48756a60c6466974e1c4a16777fba5316f44bfc83af7541f1f6e82968d39a0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E521B372E00518F7CF046FE5E4885EDFBB4EF44254F208599E4A862740DF359A6487D4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcspbrk.LIBCMT(?,6CF1605C,?,00000000,6CF1664A,?,?,?,?,?,?,6CF15A0E), ref: 6CF1603B
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000004,00000001,?,00000000,6CF1664A,?,?,?,?,?,?,6CF15A0E), ref: 6CF16080
                                                                                                                                                                                                      • free.MSVCR100(00000000,?,00000000,6CF1664A,?,?,?,?,?,?,6CF15A0E), ref: 6CF160BC
                                                                                                                                                                                                      • _wmatch.LIBCMT ref: 6CF27738
                                                                                                                                                                                                        • Part of subcall function 6CF15FDB: _malloc_crt.MSVCR100(00000008,?,6CF4CCEF,?,00000000,-00000002,6CFA5BD0), ref: 6CF15FE2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc_crt_malloc_crt_wcspbrk_wmatchfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 588445202-0
                                                                                                                                                                                                      • Opcode ID: 96a0b252bb3ecc7cdf70a3e7ca322522212b9a0f994d5cd8e2034a99dd0b39d3
                                                                                                                                                                                                      • Instruction ID: c589c55c78eed046828d65e56b242ef6a95502cf47c93137e2d2d946441d0b19
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96a0b252bb3ecc7cdf70a3e7ca322522212b9a0f994d5cd8e2034a99dd0b39d3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6021D5B7A1CD20CFC7118F69E84064AF7F4EB86B28335861AF495D7E50EB32D8418B80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,000000FF), ref: 6CF37D67
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF37D74
                                                                                                                                                                                                      • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,000000FF), ref: 6CF37D86
                                                                                                                                                                                                        • Part of subcall function 6CF37413: CreateTimerQueue.KERNEL32(00000001,?,?,00000000,?,00000000,71328D80,00000000,?,?), ref: 6CF3743B
                                                                                                                                                                                                        • Part of subcall function 6CF37413: std::exception::exception.LIBCMT(?,00000001,00000001,?,?,00000000), ref: 6CF37494
                                                                                                                                                                                                        • Part of subcall function 6CF37413: _CxxThrowException.MSVCR100(71328D80,6CF0C888,?,00000001,00000001,?,?,00000000), ref: 6CF374A9
                                                                                                                                                                                                      • DeleteTimerQueueTimer.KERNEL32(00000000,?,000000FF), ref: 6CF37D8C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timer$Concurrency@@QueueQueue@details@Shared$CreateDeleteErrorExceptionLastThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3155262267-0
                                                                                                                                                                                                      • Opcode ID: 7e304d75a0164b69298e9b000e818bfee65e6f95c33b8d3b873fb7ab5a5d5d10
                                                                                                                                                                                                      • Instruction ID: 16e364955f2ce2a14f1e9c1f332840ac504b6d2fa40aed4ffe222b55b7803d83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e304d75a0164b69298e9b000e818bfee65e6f95c33b8d3b873fb7ab5a5d5d10
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0218631614624EFD7128E15DD80B2777F5EF81365B24961AE86D87A90D730EC00CBE0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _mbspbrk.MSVCR100(?,6CF4CA98,?,00000000,6CF4BEF8,?,?,?,?,?,?,6CF27432), ref: 6CF4CA03
                                                                                                                                                                                                      • _match.LIBCMT ref: 6CF4CA10
                                                                                                                                                                                                      • _calloc_crt.MSVCR100(00000004,00000002,?,00000000,6CF4BEF8,?,?,?,?,?,?,6CF27432), ref: 6CF4CA44
                                                                                                                                                                                                      • free.MSVCR100(?,?,00000000,6CF4BEF8,?,?,?,?,?,?,6CF27432), ref: 6CF4CA80
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _calloc_crt_match_mbspbrkfree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 518297505-0
                                                                                                                                                                                                      • Opcode ID: 0368ab5591ed1c9049b3779facd4ed3ab2d84a9746488d16c95505def8d039cf
                                                                                                                                                                                                      • Instruction ID: 1dbbc5286d870bc73b5464dc3a04cbd38ed5aa11b46b1601116b7292f9fcf4dd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0368ab5591ed1c9049b3779facd4ed3ab2d84a9746488d16c95505def8d039cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA115736A50950CFC709EF5DD460109FFF0EB867A8335E51AD554D7A11E670DC498B40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6CF4858A
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF485B7
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF338A8,6CFA0C0C,?,?), ref: 6CF485C5
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?,?), ref: 6CF48622
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_osCurrentExceptionThreadThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1840351702-0
                                                                                                                                                                                                      • Opcode ID: fd23bffe6c335b5646e8d6ec5b5ac0e4961ff0f6d6837db8a47452f32ceacf80
                                                                                                                                                                                                      • Instruction ID: 2a7cb3f130ebe744760f79f885772b540aadf1b92bc0e107b373d3ac79d91c92
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd23bffe6c335b5646e8d6ec5b5ac0e4961ff0f6d6837db8a47452f32ceacf80
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E21AE72604246AFCB11DFA5C8D49AEBFB4AF4032CB14886BD512D7A02D770E989CBD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,?,?,?,6CF40A34,00000001,?,6CF40A54), ref: 6CF40B1E
                                                                                                                                                                                                      • QueryDepthSList.KERNEL32(00000148,?,?,?,?,6CF40A34,00000001,?,6CF40A54), ref: 6CF40B32
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,6CF40A34,00000001,?,6CF40A54), ref: 6CF40B54
                                                                                                                                                                                                      • InterlockedPushEntrySList.KERNEL32(00000148,-00000004,?,?,?,?,6CF40A34,00000001,?,6CF40A54), ref: 6CF40B6C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List$CloseDepthEntryHandleInterlockedPushQueryValue
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 94243546-0
                                                                                                                                                                                                      • Opcode ID: b51e555851a64697f45f234916a5a483a9ac06ec24f20d0a0ac148062a4540e9
                                                                                                                                                                                                      • Instruction ID: 747f40ed7d7a5304074392e3d49826f5fbca8304096324785b8c565df5273b78
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b51e555851a64697f45f234916a5a483a9ac06ec24f20d0a0ac148062a4540e9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34210B72A012549BDB10DF60D848F9E7BF8BF41319F145569E84AC7651CB74D908CB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock_file.MSVCR100(?,6CF0CD60,00000014), ref: 6CF0CD0C
                                                                                                                                                                                                        • Part of subcall function 6CF0A48D: _lock.MSVCR100(?,?,?,6CF56E10,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF0A4BA
                                                                                                                                                                                                      • _fgetwc_nolock.MSVCR100(?,?,?,6CF0CD60,00000014), ref: 6CF0CD21
                                                                                                                                                                                                      • _errno.MSVCR100(6CF0CD60,00000014), ref: 6CF12A90
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF0CD60,00000014), ref: 6CF286B0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_fgetwc_nolock_invalid_parameter_noinfo_lock_lock_file
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3916178533-0
                                                                                                                                                                                                      • Opcode ID: a54fb238bb267ea201fce187844628b7d81ec0b751776b6ee7033e3605a1f37d
                                                                                                                                                                                                      • Instruction ID: 2b72ff365e9c5f9778f85bc30d96e4e537e5145f1916df323ab785a91300ab20
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a54fb238bb267ea201fce187844628b7d81ec0b751776b6ee7033e3605a1f37d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3711D371A06256DFCF206FA9C4A019E7BF0AF05718B21853BD535DAE40C3398545EBA2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 168861036-0
                                                                                                                                                                                                      • Opcode ID: 1b07f56a9877589123b2f7d014c50585105d45db984094812ca788601e185c0d
                                                                                                                                                                                                      • Instruction ID: f52e3c2066e71b64bf5d50da41b6c4ca1d7b5056e8dff6ab5b293778c1b137d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b07f56a9877589123b2f7d014c50585105d45db984094812ca788601e185c0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB219F74B45348DECB10CB74C8B0AEDBFF4EF0AA04B64445DD0C597B40E630A989EB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF38F6F
                                                                                                                                                                                                        • Part of subcall function 6CF735FA: std::exception::_Copy_str.LIBCMT(6CF42115,?,?,6CF42115,6CF41F83,?,6CF41F83,00000001), ref: 6CF73615
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C2C), ref: 6CF38F84
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF38FA2
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF38FED
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_osCopy_strEventExceptionThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1689211050-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF42203
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0DC8), ref: 6CF42218
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF4223E
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF42257
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_os$ExceptionThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3087931431-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 168861036-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6CF46632
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4663F
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF46657
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF46665
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionLastThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1394060424-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10C88
                                                                                                                                                                                                      • _wcslen.LIBCMT(00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10C9B
                                                                                                                                                                                                      • _wcsnicoll.MSVCR100(00000000,00000000,00000000,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF10CB8
                                                                                                                                                                                                      • ___mbtow_environ.LIBCMT ref: 6CF30865
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _wcslen$___mbtow_environ_wcsnicoll
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3727037093-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF42173
                                                                                                                                                                                                        • Part of subcall function 6CF735FA: std::exception::_Copy_str.LIBCMT(6CF42115,?,?,6CF42115,6CF41F83,?,6CF41F83,00000001), ref: 6CF73615
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF33A50,6CFA0DAC,?), ref: 6CF42188
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(?,6CF33A50,6CFA0DAC,?), ref: 6CF42190
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF421BD
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Policystd::exception::exception$Concurrency@@Copy_strElementExceptionKey@2@@Policy@SchedulerThrowValue@std::exception::_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2461868040-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF4039A
                                                                                                                                                                                                        • Part of subcall function 6CF3B327: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100 ref: 6CF3B349
                                                                                                                                                                                                      • ??0SchedulerPolicy@Concurrency@@QAA@IZZ.MSVCR100(?,00000000,6CFA55E0,0000000C,6CF40342,?,?,?,6CF3616E,?,6CF45442,00000004,6CF45D63,?,?,00000000), ref: 6CF403DD
                                                                                                                                                                                                      • memcpy.MSVCR100(?,?,00000024,6CFA55E0,0000000C,6CF40342,?,?,?,6CF3616E,?,6CF45442,00000004,6CF45D63,?,?), ref: 6CF403F8
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?,?,6CF45442,00000004,6CF45D63,?,?,00000000,?,?,?,6CF45C6B,00000001), ref: 6CF40422
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency@@Spin$??3@H_prolog3Once@?$_Policy@SchedulerWait@$00@details@memcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3595554022-0
                                                                                                                                                                                                      • Opcode ID: 48ca7a37ee3659902266099bc58357beeed043391c36e9009b4f178740bf11b3
                                                                                                                                                                                                      • Instruction ID: d3ccb4c325a58cf4f0a12fc5fa3167d249d19d5d0748cc5b983289d2b93ca11a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48ca7a37ee3659902266099bc58357beeed043391c36e9009b4f178740bf11b3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14119E30B02251DFDF40CFE4D840BAEBBF1BF49708F204469E915EBA91DBB5A9048B49
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D62
                                                                                                                                                                                                      • _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D71
                                                                                                                                                                                                      • __fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D8D
                                                                                                                                                                                                      • ___wtomb_environ.LIBCMT ref: 6CF3080F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$___wtomb_environ__fassign
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1283471604-0
                                                                                                                                                                                                      • Opcode ID: caad8697ba4339e6e577c851f53dd1b064422ba54cb0dd2496ed4724ded806db
                                                                                                                                                                                                      • Instruction ID: 5f03e26f3750d6d10e8c7310305b2c8758f4b618d93d1bda2997fb4c64f283fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: caad8697ba4339e6e577c851f53dd1b064422ba54cb0dd2496ed4724ded806db
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF01F032D2D158A7CF218A69D454F9A77F8DF62758726841AFC58D7E10DB30D440CBD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF4AB7A: GetCurrentThreadId.KERNEL32 ref: 6CF4ABA2
                                                                                                                                                                                                        • Part of subcall function 6CF4AB7A: swprintf.LIBCMT(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,6CF4A924,?,?,000000F8), ref: 6CF4ABCC
                                                                                                                                                                                                        • Part of subcall function 6CF4AB7A: vswprintf_s.MSVCR100(00000401,00000401,?,?,?,00000002,?,6CF4A924,?,?,000000F8), ref: 6CF4ABEE
                                                                                                                                                                                                        • Part of subcall function 6CF4AB7A: _wcslen.LIBCMT(?,00000401,00000401,?,?,?,00000002,?,6CF4A924,?,?,000000F8), ref: 6CF4ABF4
                                                                                                                                                                                                      • _fwprintf.LIBCMT(6CFA3048,?), ref: 6CF4A9A1
                                                                                                                                                                                                        • Part of subcall function 6CF5481C: _errno.MSVCR100(6CF548A8,0000000C,6CF4A812,?), ref: 6CF54838
                                                                                                                                                                                                        • Part of subcall function 6CF5481C: _invalid_parameter_noinfo.MSVCR100(6CF548A8,0000000C,6CF4A812,?), ref: 6CF54843
                                                                                                                                                                                                      • __aullrem.LIBCMT ref: 6CF4A9B8
                                                                                                                                                                                                      • fflush.MSVCR100(00000032,00000000), ref: 6CF4A9D5
                                                                                                                                                                                                        • Part of subcall function 6CF0EEF1: _lock_file.MSVCR100(?,6CF0EF38,0000000C), ref: 6CF0EF0B
                                                                                                                                                                                                        • Part of subcall function 6CF0EEF1: _fflush_nolock.MSVCR100(?,6CF0EF38,0000000C), ref: 6CF0EF17
                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(?), ref: 6CF4A9E4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDebugOutputStringThread__aullrem_errno_fflush_nolock_fwprintf_invalid_parameter_noinfo_lock_file_wcslenfflushswprintfvswprintf_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3120632072-0
                                                                                                                                                                                                      • Opcode ID: 854f0fc278f4d337030cc0f127173ab7964a276c03741fac0a89701cf4c6e702
                                                                                                                                                                                                      • Instruction ID: 4d0a6f19877208385173a8bfdbc75bd3f2e030394727a6d8473866cfc1abe6b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 854f0fc278f4d337030cc0f127173ab7964a276c03741fac0a89701cf4c6e702
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00118271E11209EFDF84CFA4E845B9E7BF8FB05708F50802AE41492591EF709D48CB54
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_memset_msizerealloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1728161066-0
                                                                                                                                                                                                      • Opcode ID: 4da5c39f66805f905ecd978a4af7f25d70e91530a09b236a13e750b76182fcf1
                                                                                                                                                                                                      • Instruction ID: e4febaab37cadb9c9f9b6e9e0f2879f7fa9b86a5579f386ffb08f48166bc5a75
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4da5c39f66805f905ecd978a4af7f25d70e91530a09b236a13e750b76182fcf1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F049337042146FD7244D65ACE4DAB3F59EBD1A79B21453AF90886A40DB7198049590
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000), ref: 6CF2AA85
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,00000000), ref: 6CF2AA90
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,00000000), ref: 6CF2AA99
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,00000000,00000000), ref: 6CF2AAA4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2959964966-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF3874A
                                                                                                                                                                                                        • Part of subcall function 6CF735FA: std::exception::_Copy_str.LIBCMT(6CF42115,?,?,6CF42115,6CF41F83,?,6CF41F83,00000001), ref: 6CF73615
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C2C), ref: 6CF3875F
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?), ref: 6CF38770
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF38788
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_osCopy_strExceptionThrowValuestd::exception::_std::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3937123494-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF40376: TlsGetValue.KERNEL32(6CF45BA3,?,00000000,?,6CF35C77,00000001), ref: 6CF4037C
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF38CE0
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF38CF2
                                                                                                                                                                                                        • Part of subcall function 6CF36B38: _memset.LIBCMT(?,00000000,0000003E,00000002,?), ref: 6CF36B57
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C80), ref: 6CF38D00
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT ref: 6CF38D08
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::unsupported_os::unsupported_os$EventExceptionThrowValue_memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3607046972-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6CF47D79
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000), ref: 6CF47D86
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000), ref: 6CF47D9E
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000,?,00000000,00000000), ref: 6CF47DAC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventExceptionLastThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1394060424-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,00000000), ref: 6CF37E10
                                                                                                                                                                                                        • Part of subcall function 6CF37413: CreateTimerQueue.KERNEL32(00000001,?,?,00000000,?,00000000,71328D80,00000000,?,?), ref: 6CF3743B
                                                                                                                                                                                                        • Part of subcall function 6CF37413: std::exception::exception.LIBCMT(?,00000001,00000001,?,?,00000000), ref: 6CF37494
                                                                                                                                                                                                        • Part of subcall function 6CF37413: _CxxThrowException.MSVCR100(71328D80,6CF0C888,?,00000001,00000001,?,?,00000000), ref: 6CF374A9
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF37E1D
                                                                                                                                                                                                      • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR100(?,00000000), ref: 6CF37E2F
                                                                                                                                                                                                      • DeleteTimerQueueTimer.KERNEL32(00000000,?,00000000), ref: 6CF37E35
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Timer$Concurrency@@QueueQueue@details@Shared$CreateDeleteErrorExceptionLastThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3155262267-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF40376: TlsGetValue.KERNEL32(6CF45BA3,?,00000000,?,6CF35C77,00000001), ref: 6CF4037C
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT(?,00000000,?,?,?,00000000), ref: 6CF40AA0
                                                                                                                                                                                                        • Part of subcall function 6CF38154: std::exception::exception.LIBCMT(00000000,00000000,?,?,6CF40AA5,?), ref: 6CF38168
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0D68,?,00000000,?,?,?,00000000), ref: 6CF40AAE
                                                                                                                                                                                                        • Part of subcall function 6CF186E8: RaiseException.KERNEL32(?,?,6CF2F30F,?,?,?,?,?,6CF2F30F,?,6CF0C888,6CFA8518), ref: 6CF18727
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 6CF40AC9
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,?,00000000), ref: 6CF40AF4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Value$Exception$Concurrency::unsupported_os::unsupported_osRaiseThrowstd::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1973407479-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR100(?), ref: 6CF48FAF
                                                                                                                                                                                                        • Part of subcall function 6CF35B0B: _SpinWait.LIBCMT(00000FA0), ref: 6CF35B27
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF48FC7
                                                                                                                                                                                                      • InterlockedPushEntrySList.KERNEL32(?,?), ref: 6CF48FE3
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF49002
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Spin$Event$Concurrency@@EntryInterlockedListOnce@?$_PushWaitWait@$00@details@
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 470319525-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF40503
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: std::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2807920213-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(00000000,00000000,?,6CF52A8B,?,000000FF,?,00000000,00000000), ref: 6CF52922
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(00000000,00000000,?,6CF52A8B,?,000000FF,?,00000000,00000000), ref: 6CF5292D
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CF52971
                                                                                                                                                                                                      • free.MSVCR100(00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CF52979
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free$_errno_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4554520-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 6CF0C670
                                                                                                                                                                                                      • __AdjustPointer.MSVCR100(00000000,?,00000004,6CF0C791,00000000,?), ref: 6CF0C69F
                                                                                                                                                                                                      • __AdjustPointer.MSVCR100(00000000,?,00000001,00000004,6CF0C791,00000000,?), ref: 6CF271F7
                                                                                                                                                                                                      • memcpy.MSVCR100(?,00000000,00000003,00000004,6CF0C791,00000000,?,?,?), ref: 6CF2721D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AdjustPointer$H_prolog3_catchmemcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 738859832-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32(00000000,6CF30857,?,00000000,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF12362
                                                                                                                                                                                                      • _malloc_crt.MSVCR100(00000002,?,?,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF12391
                                                                                                                                                                                                      • memcpy.MSVCR100(00000000,00000000,00000002,?,?,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF123A0
                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,6CF10D27,?,6CF10D48,0000000C), ref: 6CF123A9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentStrings$Free_malloc_crtmemcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 202606007-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF47CAD
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF47CC5
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF47CD3
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?), ref: 6CF47CE0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ??3@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2208055260-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,-00000018,6CF40EC3,00010000,6CF40EB1,?), ref: 6CF4AB1D
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF4AB27
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF4AB3F
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF4AB4D
                                                                                                                                                                                                        • Part of subcall function 6CF4AA54: GetModuleHandleA.KERNEL32(00000000), ref: 6CF4AA6B
                                                                                                                                                                                                        • Part of subcall function 6CF4AA54: GetModuleFileNameW.KERNEL32(6CEF0000,?,00000104), ref: 6CF4AA87
                                                                                                                                                                                                        • Part of subcall function 6CF4AA54: LoadLibraryW.KERNEL32(?), ref: 6CF4AA98
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Module$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorExceptionFileHandleLastLibraryLoadNameThreadThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 488853443-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF48059
                                                                                                                                                                                                        • Part of subcall function 6CF490AB: InterlockedFlushSList.KERNEL32(?,?,6CF4807B,00000000,6CF48DE4,00000000,?,?,00000100), ref: 6CF490C6
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,00000000,6CF48DE4,00000000,?,?,00000100), ref: 6CF4808C
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,00000000,6CF48DE4,00000000,?,?,00000100), ref: 6CF48099
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,6CF48DE4,00000000,?,?,00000100), ref: 6CF480BE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$??3@FlushH_prolog3InterlockedList
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3972622424-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _strnlen.LIBCMT(?,00007FFF,6CF11D28,00000010), ref: 6CF11CE5
                                                                                                                                                                                                      • _lock.MSVCR100(00000007,6CF11D28,00000010), ref: 6CF11CFA
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D62
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: _strlen.LIBCMT(00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D71
                                                                                                                                                                                                        • Part of subcall function 6CF11D44: __fassign.LIBCMT(00000000,00000000,00000000,?,00007FFF,?,6CF11D0C,?,6CF11D28,00000010), ref: 6CF11D8D
                                                                                                                                                                                                        • Part of subcall function 6CF11CB7: _unlock.MSVCR100(00000007,6CF11D1C,6CF11D28,00000010), ref: 6CF11CB9
                                                                                                                                                                                                      • _errno.MSVCR100(6CF11D28,00000010), ref: 6CF3082F
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF11D28,00000010), ref: 6CF3083A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _strlen$CriticalEnterSection__fassign_errno_invalid_parameter_noinfo_lock_strnlen_unlock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3718102437-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF46D17
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000008,6CF49139), ref: 6CF46D29
                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCR100(00000038), ref: 6CF46D51
                                                                                                                                                                                                        • Part of subcall function 6CF3B72F: __EH_prolog3.LIBCMT ref: 6CF3B736
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF46D71
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalH_prolog3Section$??2@EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3492688627-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
• Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo_memmove
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3898388434-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _lock.MSVCR100(00000007,6CF120C8,0000000C), ref: 6CF12091
                                                                                                                                                                                                        • Part of subcall function 6CF00910: EnterCriticalSection.KERNEL32(00000001,00000001,?,6CF01EE5,0000000D), ref: 6CF0092B
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: wcsnlen.MSVCR100(?,00007FFF,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF1221D
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: wcsnlen.MSVCR100(?,00007FFF,?,00007FFF,?,?,?,00000007,00000007,?,6CF120A6,?,?,6CF120C8,0000000C), ref: 6CF12228
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: _calloc_crt.MSVCR100(00000002,00000002), ref: 6CF12247
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: wcscpy_s.MSVCR100(00000000,00000002,?), ref: 6CF1225E
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: wcscpy_s.MSVCR100(?,00000002,?,00000000,00000002,?), ref: 6CF1227B
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF122B9
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CF122D5
                                                                                                                                                                                                        • Part of subcall function 6CF121F3: _calloc_crt.MSVCR100(00000000,00000001), ref: 6CF122E2
                                                                                                                                                                                                      • _errno.MSVCR100(6CF120C8,0000000C), ref: 6CF3109A
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF120C8,0000000C), ref: 6CF310A4
                                                                                                                                                                                                      • _errno.MSVCR100(6CF120C8,0000000C), ref: 6CF310B0
                                                                                                                                                                                                        • Part of subcall function 6CF1206A: _unlock.MSVCR100(00000007,6CF120BF,6CF120C8,0000000C), ref: 6CF1206C
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ByteCharMultiWide_calloc_crt_errnowcscpy_swcsnlen$CriticalEnterSection_invalid_parameter_noinfo_lock_unlock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 813033701-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR100 ref: 6CF35C59
                                                                                                                                                                                                        • Part of subcall function 6CF44F04: ?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ.MSVCR100(?,?,?,?,?,?,?,6CF35C5E), ref: 6CF44F50
                                                                                                                                                                                                      • __uncaught_exception.MSVCR100 ref: 6CF35C5E
                                                                                                                                                                                                      • Concurrency::unsupported_os::unsupported_os.LIBCMT(00000001), ref: 6CF35C84
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(6CF35C99,6CFA0BB8,00000001), ref: 6CF35C92
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Collection@details@Concurrency@@StructuredTask$Abort@_Cancel@_Concurrency::unsupported_os::unsupported_osExceptionThrow__uncaught_exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 176145414-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF38E76
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,00000004,6CF38BAA), ref: 6CF38EA0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,00000004,6CF38BAA), ref: 6CF38EB4
                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCR100(?), ref: 6CF38EE4
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandle$??3@H_prolog3
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 236738836-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 6CF3C65F
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000008,6CF387A6), ref: 6CF3C671
                                                                                                                                                                                                        • Part of subcall function 6CF3893C: TlsSetValue.KERNEL32(?,?), ref: 6CF38967
                                                                                                                                                                                                        • Part of subcall function 6CF3893C: GetCurrentThread.KERNEL32 ref: 6CF38993
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6CF3C6AC
                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 6CF3C6BB
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CurrentEnterEventH_prolog3LeaveThreadValue
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2643705923-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$_invalid_parameter_noinfo_wfsopen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 972587971-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000002), ref: 6CF4236A
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: std::exception::exception.LIBCMT(6CF41F83,?,6CF41F83,00000001), ref: 6CF42110
                                                                                                                                                                                                        • Part of subcall function 6CF420F1: _CxxThrowException.MSVCR100(?,6CFA0DAC,6CF41F83), ref: 6CF42125
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?,00000008,00000002), ref: 6CF42382
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0DC8,?,00000008,00000002), ref: 6CF42397
                                                                                                                                                                                                      • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR100(00000008,00000002), ref: 6CF423A1
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Policy$Concurrency@@ElementExceptionKey@2@@Policy@SchedulerThrowValue@std::exception::exception
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1427302437-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.MSVCR100(6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF56DF3
                                                                                                                                                                                                      • _invalid_parameter_noinfo.MSVCR100(6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF56DFE
                                                                                                                                                                                                        • Part of subcall function 6CF7AF7E: _invalid_parameter.MSVCR100(00000000,00000000,00000000,00000000,00000000,6CF4B6CF,?,6CF4C24B,00000003,6CF274A4,6CF0A948,0000000C,6CF274F7,00000001,00000001), ref: 6CF7AF85
                                                                                                                                                                                                      • _lock_file.MSVCR100(00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF56E0B
                                                                                                                                                                                                      • _ungetc_nolock.MSVCR100(?,00000040,6CF56E48,0000000C,6CF28676,00000000,?), ref: 6CF56E1B
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno_invalid_parameter_invalid_parameter_noinfo_lock_file_ungetc_nolock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3962069902-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(?,?), ref: 6CF46F32
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6CF46F3C
                                                                                                                                                                                                      • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6CF46F54
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0C48,00000000), ref: 6CF46F62
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastPriorityThreadThrow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 152467346-0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __aulldvrm_mbtowc_l
                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                      • API String ID: 1725609986-1997036262
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 6CF7CCF8
                                                                                                                                                                                                      • __DestructExceptionObject.MSVCR100(?,00000001), ref: 6CF7CD0A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CurrentDestructExceptionImageNonwritableObject
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 574919218-1018135373
                                                                                                                                                                                                      • Opcode ID: 59e4bab0fd7f81f10940c7bccb419b0566aab9d94e921c07bd59e34e196bb388
                                                                                                                                                                                                      • Instruction ID: 8bfa27f51322befba1be02f41458d1c1bee4aa9d8cb9e3c5139f9bd8a09fba3f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59e4bab0fd7f81f10940c7bccb419b0566aab9d94e921c07bd59e34e196bb388
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 965194346002459FDB24DF69D494AAEB7B1FF88328F24855EEC669B791CB30E941CF60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6CF3614A: TlsGetValue.KERNEL32(?,6CF45442,00000004,6CF45D63,?,?,00000000,?,?,?,6CF45C6B,00000001), ref: 6CF3615F
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(?), ref: 6CF3AFC4
                                                                                                                                                                                                        • Part of subcall function 6CF735FA: std::exception::_Copy_str.LIBCMT(6CF42115,?,?,6CF42115,6CF41F83,?,6CF41F83,00000001), ref: 6CF73615
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(?,6CFA0CE0,?), ref: 6CF3AFD9
                                                                                                                                                                                                        • Part of subcall function 6CF186E8: RaiseException.KERNEL32(?,?,6CF2F30F,?,?,?,?,?,6CF2F30F,?,6CF0C888,6CFA8518), ref: 6CF18727
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Lock already taken as a writer, xrefs: 6CF3AFBD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$Copy_strRaiseThrowValuestd::exception::_std::exception::exception
                                                                                                                                                                                                      • String ID: Lock already taken as a writer
                                                                                                                                                                                                      • API String ID: 323788321-3737755527
                                                                                                                                                                                                      • Opcode ID: 6d191cf0867a2522e8ccb3bd713a24f7db3d7a2d8d0856e9f98926f6a766a0d4
                                                                                                                                                                                                      • Instruction ID: 4fdb32fabbf3fef95c373d8c5dbd674a5513a98305885e75b9c11aafd72aafa1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d191cf0867a2522e8ccb3bd713a24f7db3d7a2d8d0856e9f98926f6a766a0d4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30210771900625AFCB11CFA4C894BDAF3B0FF44368F104A59D03AAB650CB34E94ACBD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::exception::exception.LIBCMT(6CF3C51C), ref: 6CF3C4E0
                                                                                                                                                                                                      • _CxxThrowException.MSVCR100(00010000,6CFA0C0C,6CF3C51C), ref: 6CF3C4F5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000002.00000002.2115828197.000000006CEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CEF0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115812845.000000006CEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115927412.000000006CFA4000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115949618.000000006CFA6000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      • Associated: 00000002.00000002.2115966551.000000006CFA9000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_6cef0000_unpack200.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionThrowstd::exception::exception
                                                                                                                                                                                                      • String ID: version
                                                                                                                                                                                                      • API String ID: 4279132481-3206337475
                                                                                                                                                                                                      • Opcode ID: 45eacac63e37092ded260041e2b75528635c80b16127771d5ecc84cf2cef8ad9
                                                                                                                                                                                                      • Instruction ID: 6811a473a5a6e602e67eed99acf2895932c42dfcac34462225f2849b335d76b7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45eacac63e37092ded260041e2b75528635c80b16127771d5ecc84cf2cef8ad9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9F03972400228BACB00EF44D446BDD7B78AB54388F10E21AB81E97950DB70D689CFE1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%