Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Rendeles_042024,jpg.scr.exe

Overview

General Information

Sample name:Rendeles_042024,jpg.scr.exe
Analysis ID:1433163
MD5:f9a9054852e6529e9e3d8b392241601c
SHA1:e96482de839c1fe063982ef64d6d930312054ea6
SHA256:96c18fdcc302306d493535b0c90413892759a61925bcb3cf2f0d1a1cbbac554e
Tags:exeHUN
Infos:

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Rendeles_042024,jpg.scr.exe (PID: 2884 cmdline: "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe" MD5: F9A9054852E6529E9E3D8B392241601C)
    • Rendeles_042024,jpg.scr.exe (PID: 2260 cmdline: "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe" MD5: F9A9054852E6529E9E3D8B392241601C)
    • Rendeles_042024,jpg.scr.exe (PID: 2140 cmdline: "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe" MD5: F9A9054852E6529E9E3D8B392241601C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.woxi.cz", "Username": "poklopservis@woxi.cz", "Password": "88RkoRO35"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000004.00000002.3249220624.0000000003035000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000000.00000002.2022036675.0000000007BB0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              Click to see the 12 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                      4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                        Click to see the 18 entries

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Suspicious Outbound SMTP Connections
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.93.220.4, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe, Initiated: true, ProcessId: 2140, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49710

                        Snort Signatures

                        Timestamp:04/29/24-10:17:57.586988
                        SID:2840032
                        Source Port:49710
                        Destination Port:587
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:04/29/24-10:17:57.524587
                        SID:2030171
                        Source Port:49710
                        Destination Port:587
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:04/29/24-10:17:57.586988
                        SID:2851779
                        Source Port:49710
                        Destination Port:587
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:04/29/24-10:17:57.586988
                        SID:2855542
                        Source Port:49710
                        Destination Port:587
                        Protocol:TCP
                        Classtype:A Network Trojan was detected
                        Timestamp:04/29/24-10:17:57.586988
                        SID:2855245
                        Source Port:49710
                        Destination Port:587
                        Protocol:TCP
                        Classtype:A Network Trojan was detected

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Antivirus / Scanner detection for submitted sample
                        Source: Rendeles_042024,jpg.scr.exeAvira: detected
                        Found malware configuration
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.woxi.cz", "Username": "poklopservis@woxi.cz", "Password": "88RkoRO35"}
                        Multi AV Scanner detection for submitted file
                        Source: Rendeles_042024,jpg.scr.exeReversingLabs: Detection: 52%
                        Source: Rendeles_042024,jpg.scr.exeVirustotal: Detection: 50%Perma Link
                        Machine Learning detection for sample
                        Source: Rendeles_042024,jpg.scr.exeJoe Sandbox ML: detected

                        Compliance

                        barindex
                        Detected unpacking (overwrites its own PE header)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeUnpacked PE file: 0.2.Rendeles_042024,jpg.scr.exe.d30000.0.unpack
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49707 version: TLS 1.2
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h0_2_0302EB08
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then push dword ptr [ebp-24h]0_2_0302F4A0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_0302F4A0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then xor edx, edx0_2_0302F3D8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then push dword ptr [ebp-20h]0_2_0302F180
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_0302F180
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_0316B648
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_03169B6C

                        Networking

                        barindex
                        Snort IDS alert for network traffic
                        Source: TrafficSnort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: TrafficSnort IDS: 2855245 ETPRO TROJAN Agent Tesla Exfil via SMTP 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49710 -> 77.93.220.4:587
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPE
                        Source: global trafficTCP traffic: 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                        Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                        Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                        Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                        Source: Joe Sandbox ViewASN Name: MASTER-ASCzechRepublicwwwmasterczCZ MASTER-ASCzechRepublicwwwmasterczCZ
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: unknownDNS query: name: api.ipify.org
                        Source: unknownDNS query: name: api.ipify.org
                        Source: unknownDNS query: name: api.ipify.org
                        Source: unknownDNS query: name: ip-api.com
                        Source: global trafficTCP traffic: 192.168.2.5:49710 -> 77.93.220.4:587
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                        Source: global trafficDNS traffic detected: DNS query: ip-api.com
                        Source: global trafficDNS traffic detected: DNS query: mail.woxi.cz
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.woxi.cz
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                        Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49707 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        barindex
                        Contains functionality to log keystrokes (.Net Source)
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, cPKWk.cs.Net Code: BvEob1
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, cPKWk.cs.Net Code: BvEob1

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        .NET source code contains very large array initializations
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.3070000.1.raw.unpack, .csLarge array initialization: : array initializer size 33957
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.31a3374.6.raw.unpack, .csLarge array initialization: : array initializer size 33957
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF13D80_2_02FF13D8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF25500_2_02FF2550
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF1B300_2_02FF1B30
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF08D00_2_02FF08D0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF43580_2_02FF4358
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF43490_2_02FF4349
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF13430_2_02FF1343
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF56080_2_02FF5608
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF57900_2_02FF5790
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF57800_2_02FF5780
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF55F80_2_02FF55F8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF5A200_2_02FF5A20
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF5A100_2_02FF5A10
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF4EE00_2_02FF4EE0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF4ED00_2_02FF4ED0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF1FA90_2_02FF1FA9
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF5C080_2_02FF5C08
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_0302B7280_2_0302B728
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030206410_2_03020641
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030206880_2_03020688
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_03024D590_2_03024D59
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_03024D680_2_03024D68
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030249CF0_2_030249CF
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030249E00_2_030249E0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030200060_2_03020006
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030200400_2_03020040
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_03169B240_2_03169B24
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_0316E5BB0_2_0316E5BB
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_0316AB3E0_2_0316AB3E
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_031669BC0_2_031669BC
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_031689D80_2_031689D8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_031689C80_2_031689C8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_03169B180_2_03169B18
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_0316FA400_2_0316FA40
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_0316F9F30_2_0316F9F3
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E44AE84_2_02E44AE8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E43ED04_2_02E43ED0
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E4DC984_2_02E4DC98
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E442184_2_02E44218
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E4E4604_2_02E4E460
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EAE7C84_2_06EAE7C8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EAB3204_2_06EAB320
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EA60A84_2_06EA60A8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EA00404_2_06EA0040
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EA35C84_2_06EA35C8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EAAC404_2_06EAAC40
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EA00214_2_06EA0021
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_06EA35C74_2_06EA35C7
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004B5E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2007574206.0000000003070000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dllD vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2007057373.000000000140E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2008266464.0000000003525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6b1d79bf-9b97-47a0-8a25-73227ac23a27.exe4 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6b1d79bf-9b97-47a0-8a25-73227ac23a27.exe4 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2022825410.0000000009A50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6b1d79bf-9b97-47a0-8a25-73227ac23a27.exe4 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2008266464.0000000003181000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dllD vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247390106.00000000010F8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.000000000043E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename6b1d79bf-9b97-47a0-8a25-73227ac23a27.exe4 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exeBinary or memory string: OriginalFilenameOBam.exe8 vs Rendeles_042024,jpg.scr.exe
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, cPs8D.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, 72CF8egH.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, G5CXsdn.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, 3uPsILA6U.csCryptographic APIs: 'CreateDecryptor'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, 6oQOw74dfIt.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, aMIWm.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, T0B9xE3mxdOjxhb0bX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.SetAccessControl
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.AddAccessRule
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.SetAccessControl
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.AddAccessRule
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, T0B9xE3mxdOjxhb0bX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.SetAccessControl
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xJ8MuqjQikowh096AW.csSecurity API names: _0020.AddAccessRule
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, T0B9xE3mxdOjxhb0bX.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@3/3
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Rendeles_042024,jpg.scr.exe.logJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMutant created: NULL
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMutant created: \Sessions\1\BaseNamedObjects\ePnZRiyivhFNQoziO
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: Rendeles_042024,jpg.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: Rendeles_042024,jpg.scr.exeReversingLabs: Detection: 52%
                        Source: Rendeles_042024,jpg.scr.exeVirustotal: Detection: 50%
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile read: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe:Zone.IdentifierJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: dwrite.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: vaultcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Data Obfuscation

                        barindex
                        Detected unpacking (changes PE section rights)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeUnpacked PE file: 0.2.Rendeles_042024,jpg.scr.exe.d30000.0.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;
                        Detected unpacking (overwrites its own PE header)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeUnpacked PE file: 0.2.Rendeles_042024,jpg.scr.exe.d30000.0.unpack
                        .NET source code contains method to dynamically call methods (often used by packers)
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.raw.unpack, XG.cs.Net Code: Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777298)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777243)),Type.GetTypeFromHandle(global::cO.Ri.k2anMS(16777254))})
                        .NET source code contains potential unpacker
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.3070000.1.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.31a3374.6.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xJ8MuqjQikowh096AW.cs.Net Code: VG6TWwM7fl System.Reflection.Assembly.Load(byte[])
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xJ8MuqjQikowh096AW.cs.Net Code: VG6TWwM7fl System.Reflection.Assembly.Load(byte[])
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xJ8MuqjQikowh096AW.cs.Net Code: VG6TWwM7fl System.Reflection.Assembly.Load(byte[])
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_00DDBC9E push ds; iretd 0_2_00DDBEC8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_00DDBD47 push ds; iretd 0_2_00DDBEC8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_00DDBC75 push 0001006Eh; iretd 0_2_00DDBC7A
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF7404 push ss; retf 0_2_02FF7405
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_02FF7C7A push cs; ret 0_2_02FF7C7B
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 0_2_030204E6 push esi; ret 0_2_030204E7
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E40C3D push edi; ret 4_2_02E40CC2
                        Source: Rendeles_042024,jpg.scr.exeStatic PE information: section name: .text entropy: 7.931478273821282
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, YL024Z28e53d9YxTlC.csHigh entropy of concatenated method names: 'GXkB5Vial0', 'hRDBgRT5vA', 'esv0KbsI1A', 'yCR0MuN5pS', 'FRQBONvqXB', 'GTDB6m3HpF', 'X7TBXmxsod', 'BrKBs6fD01', 'b9WBVAu85W', 'bZ4BbSc8xG'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, RtKVMKbr36wpTrLHXg.csHigh entropy of concatenated method names: 'ToString', 'E0xZOFkhjo', 'GqsZUgbSI6', 'Uw8ZA8hGXT', 'TIUZmHObKj', 'M8lZNJfKfv', 'qInZSPRwyo', 'JuQZvA8PFY', 'EINZiatXPX', 'zs2ZRpSoYx'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, Ttvh1ZROMV7JT5TYmE.csHigh entropy of concatenated method names: 'ajlpcBl2Qo', 'htdpEtS2RC', 'IsgpWRQdtk', 'jNrpwpd5JD', 'HempD7pt11', 'tF1pCxJv0q', 'fgXpPJo4o8', 'mG2p3vBmwQ', 'sLGplNFkr5', 'oWjp1Tvojb'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, OZRjHFXew9leU55XBk.csHigh entropy of concatenated method names: 'K8Z93Hvn7I', 'yfs9lr6WDA', 'WlN9exm4la', 'q7h9UPFK9a', 'Ho59mj99j9', 'fYb9NZvgKF', 'qi79vciVM1', 'pOl9iXSqNs', 'kJ49oPPbGD', 'Owc9OsJfi2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xtnVInlnyXPZWjJfmN.csHigh entropy of concatenated method names: 'yW1awm7CUp', 'AayaCLBcXk', 'v32a3pqBFY', 'LGqal6oDr8', 'UoyaQDSVcX', 'yvnaZJrGGY', 'RTnaBOS9k0', 'GUZa0T8twS', 'Kx6anAmkir', 'R6Xa7WVUNT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, CO0WXPMtGP2vTsmOrGZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J2s7sJJR15', 'Yel7VphSGn', 't087bIkR7l', 'HEW7LQLx8E', 'cAA7FJXSRh', 'nXv72ypxVX', 'APR7GQWQCT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, DhiQhdztCE6lYn1WJn.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Otsn93Q9jv', 'GGunQYxyEA', 'aQsnZsgfCG', 'yWAnByfAWG', 'FAYn0jWj9g', 'jcjnnO8Uu5', 'Ignn7ZuLho'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, pqsnTtYE3DdxgN1dl6.csHigh entropy of concatenated method names: 'uIDWNntO6', 'ARpwUWZog', 'J2jCbeqrZ', 'LiwPNRgHU', 'oxGlRxvvS', 'c7D1Dwmca', 'FEyCbBVfcBkuu1usRK', 'Yn2qIxrL6WsX8OBFob', 'EOh0OaTBg', 'hMJ7o5gEV'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, AOGIQBIt2vhc08y0E9.csHigh entropy of concatenated method names: 'Dispose', 'Vi4Md7xqW8', 'JvIYUFUn3T', 'V6600OuZYb', 'Bq4MgsqkoU', 'BrhMzEY8T4', 'ProcessDialogKey', 'o2PYKbxdSe', 'xfYYMCKKf8', 'Es9YYU5A5r'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, xJ8MuqjQikowh096AW.csHigh entropy of concatenated method names: 'hsht8Nbj7L', 'bI4tkVwcjR', 'NPltIdW3Zp', 'cUQtalXKT4', 'vD7tJlKX4M', 'v6ntqA5whd', 'v0XtpMoysx', 'DWxtj339Sl', 'QFftf65Bbh', 'k9CtyGaiu7'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, K4aPP5MKVBkdSaO3yJa.csHigh entropy of concatenated method names: 'dwIncstamr', 'kASnEuEEpu', 'VE8nWkUYtP', 'cxcnwMwvLQ', 'mWWnDd1d7x', 'n6onComFAA', 'bv8nPJIeF2', 'w2Mn3JGQay', 'AesnlbiDML', 'kKan1Zl2Nh'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, UEIvD1auAgbla5vmFm.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'YRRYd6Kgaq', 'zfTYg19KX7', 'U6lYzvTG56', 'vUGtK1vNWi', 'wDxtMQhq54', 'rErtYbE18I', 'DRCttkJTCu', 'dJSGhs3d6LYWlaZCVtD'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, uc7xFReldh8O8t1tV6.csHigh entropy of concatenated method names: 'zAHq8hgpvO', 'c8SqI0vwtS', 'FMMqJTk429', 'bf6qpjFA6Q', 'zwUqjGk7wo', 'IQrJFftO5o', 'r9jJ2buTA4', 'pBaJGSAR9K', 's8VJ5RToIR', 'cfOJdk6lrH'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, SGc86svPKwYfG5vhbO.csHigh entropy of concatenated method names: 'j94pk5rBCe', 'Y5lpa83kdr', 'KAYpqlb3Ps', 'FCcqgnoMOt', 'EFBqzWEmgI', 'ebgpKRGG1d', 'jBTpMBDaJw', 'GZLpY42XFN', 'OGtptVV2p9', 'TWNpT8eqH2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, H5A5r3gsBs3OnESd38.csHigh entropy of concatenated method names: 'RlmnM91V3K', 'Qd7ntlc64K', 'b3WnTRcjZW', 'iLNnkfAPJq', 'rlmnIqG1gE', 'UJ5nJM9BZa', 'TQgnqJI6mj', 'VTf0GndB7m', 'agZ05ZsGHf', 'eiI0dAnhZu'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, j4sqko5UCrhEY8T4Q2.csHigh entropy of concatenated method names: 'Qvo0kvV6Dq', 'uka0IyWDpt', 'eLm0akkQS5', 'wwD0JRiyYX', 'EyT0qIDZaJ', 'xPf0p5G95D', 'iqh0jGipOM', 'lFI0fKPTHR', 'AJu0yk6GuW', 'abI0rRXT12'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, TQ2UXdTY84itiEFn09.csHigh entropy of concatenated method names: 'ikLMp0B9xE', 'IxdMjOjxhb', 'snyMyXPZWj', 'hfmMrNCcC0', 'GNuMQk9hc7', 'wFRMZldh8O', 'j5qY1vIJqtgubWPfmg', 'FFcL5RKRle1RaBjQs8', 'K7JMMYoBjg', 'a3ZMtygP9G'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, T0B9xE3mxdOjxhb0bX.csHigh entropy of concatenated method names: 'mqkIsAAMEp', 'IgSIV1dHId', 'RiLIbyGbAG', 'DoZIL6ZRvD', 'q6oIFvOOrT', 'bJeI2QpUvO', 'Bg9IGKxaN8', 'b0EI53VH5T', 'qPnIdHuY6O', 'EVAIgGlk8d'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4de5380.11.raw.unpack, WrhKRwLQHn5N95F1ZO.csHigh entropy of concatenated method names: 'gZeByqovCV', 'yvsBreuJEr', 'ToString', 'G9JBkqWMLV', 'CWnBIMFHo8', 'dkZBaSMbYs', 'eGKBJcT2eg', 'piNBqmsYgC', 'lgSBpSVVm1', 'YUSBj7wtlu'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, YL024Z28e53d9YxTlC.csHigh entropy of concatenated method names: 'GXkB5Vial0', 'hRDBgRT5vA', 'esv0KbsI1A', 'yCR0MuN5pS', 'FRQBONvqXB', 'GTDB6m3HpF', 'X7TBXmxsod', 'BrKBs6fD01', 'b9WBVAu85W', 'bZ4BbSc8xG'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, RtKVMKbr36wpTrLHXg.csHigh entropy of concatenated method names: 'ToString', 'E0xZOFkhjo', 'GqsZUgbSI6', 'Uw8ZA8hGXT', 'TIUZmHObKj', 'M8lZNJfKfv', 'qInZSPRwyo', 'JuQZvA8PFY', 'EINZiatXPX', 'zs2ZRpSoYx'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, Ttvh1ZROMV7JT5TYmE.csHigh entropy of concatenated method names: 'ajlpcBl2Qo', 'htdpEtS2RC', 'IsgpWRQdtk', 'jNrpwpd5JD', 'HempD7pt11', 'tF1pCxJv0q', 'fgXpPJo4o8', 'mG2p3vBmwQ', 'sLGplNFkr5', 'oWjp1Tvojb'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, OZRjHFXew9leU55XBk.csHigh entropy of concatenated method names: 'K8Z93Hvn7I', 'yfs9lr6WDA', 'WlN9exm4la', 'q7h9UPFK9a', 'Ho59mj99j9', 'fYb9NZvgKF', 'qi79vciVM1', 'pOl9iXSqNs', 'kJ49oPPbGD', 'Owc9OsJfi2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xtnVInlnyXPZWjJfmN.csHigh entropy of concatenated method names: 'yW1awm7CUp', 'AayaCLBcXk', 'v32a3pqBFY', 'LGqal6oDr8', 'UoyaQDSVcX', 'yvnaZJrGGY', 'RTnaBOS9k0', 'GUZa0T8twS', 'Kx6anAmkir', 'R6Xa7WVUNT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, CO0WXPMtGP2vTsmOrGZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J2s7sJJR15', 'Yel7VphSGn', 't087bIkR7l', 'HEW7LQLx8E', 'cAA7FJXSRh', 'nXv72ypxVX', 'APR7GQWQCT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, DhiQhdztCE6lYn1WJn.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Otsn93Q9jv', 'GGunQYxyEA', 'aQsnZsgfCG', 'yWAnByfAWG', 'FAYn0jWj9g', 'jcjnnO8Uu5', 'Ignn7ZuLho'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, pqsnTtYE3DdxgN1dl6.csHigh entropy of concatenated method names: 'uIDWNntO6', 'ARpwUWZog', 'J2jCbeqrZ', 'LiwPNRgHU', 'oxGlRxvvS', 'c7D1Dwmca', 'FEyCbBVfcBkuu1usRK', 'Yn2qIxrL6WsX8OBFob', 'EOh0OaTBg', 'hMJ7o5gEV'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, AOGIQBIt2vhc08y0E9.csHigh entropy of concatenated method names: 'Dispose', 'Vi4Md7xqW8', 'JvIYUFUn3T', 'V6600OuZYb', 'Bq4MgsqkoU', 'BrhMzEY8T4', 'ProcessDialogKey', 'o2PYKbxdSe', 'xfYYMCKKf8', 'Es9YYU5A5r'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, xJ8MuqjQikowh096AW.csHigh entropy of concatenated method names: 'hsht8Nbj7L', 'bI4tkVwcjR', 'NPltIdW3Zp', 'cUQtalXKT4', 'vD7tJlKX4M', 'v6ntqA5whd', 'v0XtpMoysx', 'DWxtj339Sl', 'QFftf65Bbh', 'k9CtyGaiu7'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, K4aPP5MKVBkdSaO3yJa.csHigh entropy of concatenated method names: 'dwIncstamr', 'kASnEuEEpu', 'VE8nWkUYtP', 'cxcnwMwvLQ', 'mWWnDd1d7x', 'n6onComFAA', 'bv8nPJIeF2', 'w2Mn3JGQay', 'AesnlbiDML', 'kKan1Zl2Nh'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, UEIvD1auAgbla5vmFm.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'YRRYd6Kgaq', 'zfTYg19KX7', 'U6lYzvTG56', 'vUGtK1vNWi', 'wDxtMQhq54', 'rErtYbE18I', 'DRCttkJTCu', 'dJSGhs3d6LYWlaZCVtD'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, uc7xFReldh8O8t1tV6.csHigh entropy of concatenated method names: 'zAHq8hgpvO', 'c8SqI0vwtS', 'FMMqJTk429', 'bf6qpjFA6Q', 'zwUqjGk7wo', 'IQrJFftO5o', 'r9jJ2buTA4', 'pBaJGSAR9K', 's8VJ5RToIR', 'cfOJdk6lrH'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, SGc86svPKwYfG5vhbO.csHigh entropy of concatenated method names: 'j94pk5rBCe', 'Y5lpa83kdr', 'KAYpqlb3Ps', 'FCcqgnoMOt', 'EFBqzWEmgI', 'ebgpKRGG1d', 'jBTpMBDaJw', 'GZLpY42XFN', 'OGtptVV2p9', 'TWNpT8eqH2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, H5A5r3gsBs3OnESd38.csHigh entropy of concatenated method names: 'RlmnM91V3K', 'Qd7ntlc64K', 'b3WnTRcjZW', 'iLNnkfAPJq', 'rlmnIqG1gE', 'UJ5nJM9BZa', 'TQgnqJI6mj', 'VTf0GndB7m', 'agZ05ZsGHf', 'eiI0dAnhZu'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, j4sqko5UCrhEY8T4Q2.csHigh entropy of concatenated method names: 'Qvo0kvV6Dq', 'uka0IyWDpt', 'eLm0akkQS5', 'wwD0JRiyYX', 'EyT0qIDZaJ', 'xPf0p5G95D', 'iqh0jGipOM', 'lFI0fKPTHR', 'AJu0yk6GuW', 'abI0rRXT12'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, TQ2UXdTY84itiEFn09.csHigh entropy of concatenated method names: 'ikLMp0B9xE', 'IxdMjOjxhb', 'snyMyXPZWj', 'hfmMrNCcC0', 'GNuMQk9hc7', 'wFRMZldh8O', 'j5qY1vIJqtgubWPfmg', 'FFcL5RKRle1RaBjQs8', 'K7JMMYoBjg', 'a3ZMtygP9G'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, T0B9xE3mxdOjxhb0bX.csHigh entropy of concatenated method names: 'mqkIsAAMEp', 'IgSIV1dHId', 'RiLIbyGbAG', 'DoZIL6ZRvD', 'q6oIFvOOrT', 'bJeI2QpUvO', 'Bg9IGKxaN8', 'b0EI53VH5T', 'qPnIdHuY6O', 'EVAIgGlk8d'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.9a50000.14.raw.unpack, WrhKRwLQHn5N95F1ZO.csHigh entropy of concatenated method names: 'gZeByqovCV', 'yvsBreuJEr', 'ToString', 'G9JBkqWMLV', 'CWnBIMFHo8', 'dkZBaSMbYs', 'eGKBJcT2eg', 'piNBqmsYgC', 'lgSBpSVVm1', 'YUSBj7wtlu'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.raw.unpack, XG.csHigh entropy of concatenated method names: 'S1d', 'RgtTUJcyZL', 'n1Q', 'M1r', 'Y1a', 'U1m', 'k2an4M', 'gt', 'kU', 'rK'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, YL024Z28e53d9YxTlC.csHigh entropy of concatenated method names: 'GXkB5Vial0', 'hRDBgRT5vA', 'esv0KbsI1A', 'yCR0MuN5pS', 'FRQBONvqXB', 'GTDB6m3HpF', 'X7TBXmxsod', 'BrKBs6fD01', 'b9WBVAu85W', 'bZ4BbSc8xG'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, RtKVMKbr36wpTrLHXg.csHigh entropy of concatenated method names: 'ToString', 'E0xZOFkhjo', 'GqsZUgbSI6', 'Uw8ZA8hGXT', 'TIUZmHObKj', 'M8lZNJfKfv', 'qInZSPRwyo', 'JuQZvA8PFY', 'EINZiatXPX', 'zs2ZRpSoYx'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, Ttvh1ZROMV7JT5TYmE.csHigh entropy of concatenated method names: 'ajlpcBl2Qo', 'htdpEtS2RC', 'IsgpWRQdtk', 'jNrpwpd5JD', 'HempD7pt11', 'tF1pCxJv0q', 'fgXpPJo4o8', 'mG2p3vBmwQ', 'sLGplNFkr5', 'oWjp1Tvojb'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, OZRjHFXew9leU55XBk.csHigh entropy of concatenated method names: 'K8Z93Hvn7I', 'yfs9lr6WDA', 'WlN9exm4la', 'q7h9UPFK9a', 'Ho59mj99j9', 'fYb9NZvgKF', 'qi79vciVM1', 'pOl9iXSqNs', 'kJ49oPPbGD', 'Owc9OsJfi2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xtnVInlnyXPZWjJfmN.csHigh entropy of concatenated method names: 'yW1awm7CUp', 'AayaCLBcXk', 'v32a3pqBFY', 'LGqal6oDr8', 'UoyaQDSVcX', 'yvnaZJrGGY', 'RTnaBOS9k0', 'GUZa0T8twS', 'Kx6anAmkir', 'R6Xa7WVUNT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, CO0WXPMtGP2vTsmOrGZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'J2s7sJJR15', 'Yel7VphSGn', 't087bIkR7l', 'HEW7LQLx8E', 'cAA7FJXSRh', 'nXv72ypxVX', 'APR7GQWQCT'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, DhiQhdztCE6lYn1WJn.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Otsn93Q9jv', 'GGunQYxyEA', 'aQsnZsgfCG', 'yWAnByfAWG', 'FAYn0jWj9g', 'jcjnnO8Uu5', 'Ignn7ZuLho'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, pqsnTtYE3DdxgN1dl6.csHigh entropy of concatenated method names: 'uIDWNntO6', 'ARpwUWZog', 'J2jCbeqrZ', 'LiwPNRgHU', 'oxGlRxvvS', 'c7D1Dwmca', 'FEyCbBVfcBkuu1usRK', 'Yn2qIxrL6WsX8OBFob', 'EOh0OaTBg', 'hMJ7o5gEV'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, AOGIQBIt2vhc08y0E9.csHigh entropy of concatenated method names: 'Dispose', 'Vi4Md7xqW8', 'JvIYUFUn3T', 'V6600OuZYb', 'Bq4MgsqkoU', 'BrhMzEY8T4', 'ProcessDialogKey', 'o2PYKbxdSe', 'xfYYMCKKf8', 'Es9YYU5A5r'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, xJ8MuqjQikowh096AW.csHigh entropy of concatenated method names: 'hsht8Nbj7L', 'bI4tkVwcjR', 'NPltIdW3Zp', 'cUQtalXKT4', 'vD7tJlKX4M', 'v6ntqA5whd', 'v0XtpMoysx', 'DWxtj339Sl', 'QFftf65Bbh', 'k9CtyGaiu7'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, K4aPP5MKVBkdSaO3yJa.csHigh entropy of concatenated method names: 'dwIncstamr', 'kASnEuEEpu', 'VE8nWkUYtP', 'cxcnwMwvLQ', 'mWWnDd1d7x', 'n6onComFAA', 'bv8nPJIeF2', 'w2Mn3JGQay', 'AesnlbiDML', 'kKan1Zl2Nh'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, UEIvD1auAgbla5vmFm.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'YRRYd6Kgaq', 'zfTYg19KX7', 'U6lYzvTG56', 'vUGtK1vNWi', 'wDxtMQhq54', 'rErtYbE18I', 'DRCttkJTCu', 'dJSGhs3d6LYWlaZCVtD'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, uc7xFReldh8O8t1tV6.csHigh entropy of concatenated method names: 'zAHq8hgpvO', 'c8SqI0vwtS', 'FMMqJTk429', 'bf6qpjFA6Q', 'zwUqjGk7wo', 'IQrJFftO5o', 'r9jJ2buTA4', 'pBaJGSAR9K', 's8VJ5RToIR', 'cfOJdk6lrH'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, SGc86svPKwYfG5vhbO.csHigh entropy of concatenated method names: 'j94pk5rBCe', 'Y5lpa83kdr', 'KAYpqlb3Ps', 'FCcqgnoMOt', 'EFBqzWEmgI', 'ebgpKRGG1d', 'jBTpMBDaJw', 'GZLpY42XFN', 'OGtptVV2p9', 'TWNpT8eqH2'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, H5A5r3gsBs3OnESd38.csHigh entropy of concatenated method names: 'RlmnM91V3K', 'Qd7ntlc64K', 'b3WnTRcjZW', 'iLNnkfAPJq', 'rlmnIqG1gE', 'UJ5nJM9BZa', 'TQgnqJI6mj', 'VTf0GndB7m', 'agZ05ZsGHf', 'eiI0dAnhZu'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, j4sqko5UCrhEY8T4Q2.csHigh entropy of concatenated method names: 'Qvo0kvV6Dq', 'uka0IyWDpt', 'eLm0akkQS5', 'wwD0JRiyYX', 'EyT0qIDZaJ', 'xPf0p5G95D', 'iqh0jGipOM', 'lFI0fKPTHR', 'AJu0yk6GuW', 'abI0rRXT12'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, TQ2UXdTY84itiEFn09.csHigh entropy of concatenated method names: 'ikLMp0B9xE', 'IxdMjOjxhb', 'snyMyXPZWj', 'hfmMrNCcC0', 'GNuMQk9hc7', 'wFRMZldh8O', 'j5qY1vIJqtgubWPfmg', 'FFcL5RKRle1RaBjQs8', 'K7JMMYoBjg', 'a3ZMtygP9G'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, T0B9xE3mxdOjxhb0bX.csHigh entropy of concatenated method names: 'mqkIsAAMEp', 'IgSIV1dHId', 'RiLIbyGbAG', 'DoZIL6ZRvD', 'q6oIFvOOrT', 'bJeI2QpUvO', 'Bg9IGKxaN8', 'b0EI53VH5T', 'qPnIdHuY6O', 'EVAIgGlk8d'
                        Source: 0.2.Rendeles_042024,jpg.scr.exe.4d68360.10.raw.unpack, WrhKRwLQHn5N95F1ZO.csHigh entropy of concatenated method names: 'gZeByqovCV', 'yvsBreuJEr', 'ToString', 'G9JBkqWMLV', 'CWnBIMFHo8', 'dkZBaSMbYs', 'eGKBJcT2eg', 'piNBqmsYgC', 'lgSBpSVVm1', 'YUSBj7wtlu'
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2884, type: MEMORYSTR
                        Check if machine is in data center or colocation facility
                        Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLESELECT * FROM WIN32_COMPUTERSYSTEM
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 3180000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 57C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 67C0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 68F0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 78F0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: A3F0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: B3F0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: B880000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: C880000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 2E00000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 2FA0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: 4FA0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 600000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599856Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599734Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599551Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599219Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599107Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 598888Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595437Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595311Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595203Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595094Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594950Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594841Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594704Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594578Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594469Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594344Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594235Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594110Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593985Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593860Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593735Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593610Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593485Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593360Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593235Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593110Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592985Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592860Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592735Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592610Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592448Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592330Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 591016Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 590887Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWindow / User API: threadDelayed 2533Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWindow / User API: threadDelayed 7278Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 7080Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep count: 37 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -34126476536362649s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -600000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4408Thread sleep count: 2533 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599856s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4408Thread sleep count: 7278 > 30Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599734s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599551s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599107s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -599000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -598888s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -100000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99891s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99780s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99672s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99563s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99453s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99344s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99109s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -99000s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98891s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98781s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98672s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98563s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98438s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98328s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98219s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -98071s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -96910s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -595437s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -595311s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -595203s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -595094s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594950s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594841s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594704s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594578s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594469s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594344s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594235s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -594110s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593985s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593860s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593735s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593610s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593485s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593360s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593235s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -593110s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592985s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592860s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592735s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592610s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592448s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -592330s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -591016s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe TID: 4368Thread sleep time: -590887s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 600000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599856Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599734Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599551Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599219Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599107Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 599000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 598888Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 100000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99891Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99780Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99672Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99563Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99453Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99344Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99219Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99109Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 99000Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98891Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98781Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98672Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98563Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98438Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98328Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98219Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 98071Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 96910Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595437Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595311Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595203Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 595094Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594950Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594841Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594704Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594578Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594469Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594344Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594235Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 594110Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593985Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593860Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593735Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593610Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593485Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593360Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593235Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 593110Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592985Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592860Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592735Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592610Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592448Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 592330Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 591016Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeThread delayed: delay time: 590887Jump to behavior
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247421513.00000000012A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
                        Source: Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBox
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess information queried: ProcessInformationJump to behavior

                        Anti Debugging

                        barindex
                        Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeCode function: 4_2_02E47EF8 CheckRemoteDebuggerPresent,4_2_02E47EF8
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeProcess created: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe "C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3249220624.0000000003035000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3249220624.0000000003004000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2884, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2140, type: MEMORYSTR
                        Yara detected PureLog Stealer
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.327cccc.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.325b06c.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.327bcb4.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.2022036675.0000000007BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2008266464.0000000003259000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Tries to harvest and steal ftp login credentials
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                        Tries to steal Mail credentials (via file / registry access)
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                        Source: C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                        Source: Yara matchFile source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3249220624.0000000003004000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2884, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2140, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected AgentTesla
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 4.2.Rendeles_042024,jpg.scr.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4e823c0.9.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.4efe348.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3249220624.0000000003035000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000004.00000002.3249220624.0000000003004000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2884, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Rendeles_042024,jpg.scr.exe PID: 2140, type: MEMORYSTR
                        Yara detected PureLog Stealer
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.7bb0000.13.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.327cccc.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.325b06c.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.Rendeles_042024,jpg.scr.exe.327bcb4.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.2022036675.0000000007BB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.2008266464.0000000003259000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                        Windows Management Instrumentation                        		1
                        DLL Side-Loading                        		1
                        DLL Side-Loading                        		1
                        Disable or Modify Tools                        		2
                        OS Credential Dumping                        		1
                        File and Directory Discovery                        		Remote Services11
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
                        Process Injection                        		1
                        Deobfuscate/Decode Files or Information                        		1
                        Input Capture                        		24
                        System Information Discovery                        		Remote Desktop Protocol2
                        Data from Local System                        		11
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                        Obfuscated Files or Information                        		1
                        Credentials in Registry                        		1
                        Query Registry                        		SMB/Windows Admin Shares1
                        Email Collection                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook42
                        Software Packing                        		NTDS421
                        Security Software Discovery                        		Distributed Component Object Model1
                        Input Capture                        		2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        DLL Side-Loading                        		LSA Secrets1
                        Process Discovery                        		SSHKeylogging23
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                        Masquerading                        		Cached Domain Credentials151
                        Virtualization/Sandbox Evasion                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items151
                        Virtualization/Sandbox Evasion                        		DCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                        Process Injection                        		Proc Filesystem1
                        System Network Configuration Discovery                        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        Rendeles_042024,jpg.scr.exe53%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                        Rendeles_042024,jpg.scr.exe50%VirustotalBrowse
                        Rendeles_042024,jpg.scr.exe100%AviraHEUR/AGEN.1306842
                        Rendeles_042024,jpg.scr.exe100%Joe Sandbox ML

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        SourceDetectionScannerLabelLink
                        mail.woxi.cz1%VirustotalBrowse

                        URLs

                        SourceDetectionScannerLabelLink
                        http://mail.woxi.cz0%Avira URL Cloudsafe
                        http://mail.woxi.cz1%VirustotalBrowse

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        api.ipify.org
                        		104.26.13.205
                        		truefalse
                          		high
                          ip-api.com
                          		208.95.112.1
                          		truefalse
                            		high
                            mail.woxi.cz
                            		77.93.220.4
                            		truetrueunknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://api.ipify.org/false
                              		high
                              http://ip-api.com/line/?fields=hostingfalse
                                		high

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://api.ipify.orgRendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://mail.woxi.czRendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://account.dyn.com/Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Rendeles_042024,jpg.scr.exe, 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    https://api.ipify.org/tRendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://ip-api.comRendeles_042024,jpg.scr.exe, 00000004.00000002.3249220624.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious
                                          208.95.112.1
                                          		ip-api.comUnited States
                                          		53334TUT-ASUSfalse
                                          104.26.13.205
                                          		api.ipify.orgUnited States
                                          		13335CLOUDFLARENETUSfalse
                                          77.93.220.4
                                          		mail.woxi.czCzech Republic
                                          		24971MASTER-ASCzechRepublicwwwmasterczCZtrue

                                          General Information

                                          Joe Sandbox version:40.0.0 Tourmaline
                                          Analysis ID:1433163
                                          Start date and time:2024-04-29 10:17:05 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 6m 26s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:7
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:Rendeles_042024,jpg.scr.exe
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.evad.winEXE@5/1@3/3
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:
                                          • Successful, ratio: 97%
                                          • Number of executed functions: 119
                                          • Number of non-executed functions: 39
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe

                                          Warnings

                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          10:17:49API Interceptor583694x Sleep call for process: Rendeles_042024,jpg.scr.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          208.95.112.1SecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • ip-api.com/line/?fields=hosting
                                          6m5xntHvKE.jarGet hashmaliciousSTRRATBrowse
                                          • ip-api.com/json/
                                          Y5FjBvytOL.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                          • ip-api.com/line/?fields=hosting
                                          PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                          • ip-api.com/line/?fields=hosting
                                          lGaZ58sYpVmY9rn.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • ip-api.com/line/?fields=hosting
                                          Request For Quotation RFQ1310.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • ip-api.com/line/?fields=hosting
                                          SecuriteInfo.com.Trojan.DownLoader46.60844.7642.4031.exeGet hashmaliciousAgentTeslaBrowse
                                          • ip-api.com/line/?fields=hosting
                                          Zuma Deluxe.exeGet hashmaliciousPhemedrone StealerBrowse
                                          • ip-api.com/json/?fields=11827
                                          immortal.bin.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                          • ip-api.com/line/?fields=hosting
                                          l0xmdpqk.ylw.bin.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                          • ip-api.com/line/?fields=hosting
                                          104.26.13.205ReturnLegend.exeGet hashmaliciousStealitBrowse
                                          • api.ipify.org/?format=json
                                          SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exeGet hashmaliciousPureLog Stealer, Targeted RansomwareBrowse
                                          • api.ipify.org/
                                          Sky-Beta-Setup.exeGet hashmaliciousStealitBrowse
                                          • api.ipify.org/?format=json
                                          ArenaWarSetup.exeGet hashmaliciousStealitBrowse
                                          • api.ipify.org/?format=json
                                          Sky-Beta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                          • api.ipify.org/?format=json
                                          E4sbo4F6Sz.exeGet hashmaliciousUnknownBrowse
                                          • api.ipify.org/
                                          E4sbo4F6Sz.exeGet hashmaliciousUnknownBrowse
                                          • api.ipify.org/
                                          SecuriteInfo.com.Win64.RATX-gen.31127.4101.exeGet hashmaliciousPureLog Stealer, Targeted RansomwareBrowse
                                          • api.ipify.org/

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          mail.woxi.czFizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          Zaplata,jpg.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          Zaplata,jpeg.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                          • 77.93.220.4
                                          zaplata,jpeg.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          Zam#U00f3wienie.jpeg.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          SecuriteInfo.com.W32.MSIL_Kryptik.DWR.gen.Eldorado.31524.21566.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          SecuriteInfo.com.Win32.CrypterX-gen.29219.11140.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          SecuriteInfo.com.Trojan.MSIL.FormBook.AGCG.MTB.18730.19437.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          2ZR0z3TXvgQYz22.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          SecuriteInfo.com.Win32.PWSX-gen.5114.18399.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          ip-api.comhttp://flow.page/pscu.comGet hashmaliciousHTMLPhisherBrowse
                                          • 38.128.66.209
                                          SecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          6m5xntHvKE.jarGet hashmaliciousSTRRATBrowse
                                          • 208.95.112.1
                                          Y5FjBvytOL.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                          • 208.95.112.1
                                          PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                          • 208.95.112.1
                                          lGaZ58sYpVmY9rn.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          Request For Quotation RFQ1310.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          SecuriteInfo.com.Trojan.DownLoader46.60844.7642.4031.exeGet hashmaliciousAgentTeslaBrowse
                                          • 208.95.112.1
                                          Zuma Deluxe.exeGet hashmaliciousPhemedrone StealerBrowse
                                          • 208.95.112.1
                                          immortal.bin.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                          • 208.95.112.1
                                          api.ipify.orgSecuriteInfo.com.Win32.PWSX-gen.16177.2093.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 172.67.74.152
                                          SecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.12.205
                                          clik.exeGet hashmaliciousCredGrabber, PureLog StealerBrowse
                                          • 172.67.74.152
                                          leadiadequatepro.exeGet hashmaliciousCredGrabber, PureLog StealerBrowse
                                          • 172.67.74.152
                                          Order PS24S0040.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.12.205
                                          New Order NO-19006022.pif.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 172.67.74.152
                                          lIoOSFYisn.exeGet hashmaliciousUnknownBrowse
                                          • 172.67.74.152
                                          SecuriteInfo.com.Trojan.DownLoader46.60844.7642.4031.exeGet hashmaliciousAgentTeslaBrowse
                                          • 172.67.74.152
                                          https://worker-curly-silence-18d1.pistisarte.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                          • 172.67.74.152
                                          SecuriteInfo.com.Win64.Evo-gen.3508.11571.exeGet hashmaliciousLuna LoggerBrowse
                                          • 172.67.74.152

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          CLOUDFLARENETUShttp://flow.page/pscu.comGet hashmaliciousHTMLPhisherBrowse
                                          • 104.18.29.25
                                          SecuriteInfo.com.Win32.PWSX-gen.16177.2093.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 172.67.74.152
                                          https://lien.ffepgv.fr/c?q=lbBPNtJyul4a3Zs_7togvh6AuGh0dHBzOi8vb3JkZXItcHVibGljLmNvbaxdSU5pmTK3FDRZQxysZih7F-SwUm7IbuaKrmxpZW4uZmZlcGd2LmZyGet hashmaliciousUnknownBrowse
                                          • 1.1.1.1
                                          SecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.12.205
                                          SecuriteInfo.com.Win32.TrojanX-gen.3413.25873.exeGet hashmaliciousRisePro StealerBrowse
                                          • 172.67.75.166
                                          SecuriteInfo.com.Win64.Evo-gen.29020.27952.exeGet hashmaliciousUnknownBrowse
                                          • 104.26.0.5
                                          https://cloudsss-c367.iardainwkasn.workers.dev/Get hashmaliciousUnknownBrowse
                                          • 104.21.35.193
                                          https://s3.ap-southeast-1.amazonaws.com/8mybucket21233.ujko87.mybucket11233rfvdjdfjkd.mybucket1183.3/Wi0n0ertrf500mpAlert042/index.htmlGet hashmaliciousTechSupportScamBrowse
                                          • 104.22.24.131
                                          https://vbvfdvdjvv.fyfyvfytvghv.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                          • 104.21.235.181
                                          Vqzx4PFehn.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                          • 172.67.144.153
                                          MASTER-ASCzechRepublicwwwmasterczCZFizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                          • 77.93.220.4
                                          VkiGKeyI3L.elfGet hashmaliciousMiraiBrowse
                                          • 37.205.15.251
                                          k6AIKkidxG.exeGet hashmaliciousDCRatBrowse
                                          • 80.78.243.49
                                          h08xdwuTfW.elfGet hashmaliciousUnknownBrowse
                                          • 185.8.165.122
                                          TfpwQ763RO.elfGet hashmaliciousMirai, MoobotBrowse
                                          • 185.8.165.146
                                          quhEKAdhFU.elfGet hashmaliciousMiraiBrowse
                                          • 81.31.42.18
                                          uR9GWkX25p.exeGet hashmaliciousDCRatBrowse
                                          • 80.78.243.170
                                          ZKI2FzCYEA.exeGet hashmaliciousDCRatBrowse
                                          • 80.78.243.170
                                          kzjTVVV3Y1.elfGet hashmaliciousMiraiBrowse
                                          • 80.79.25.106
                                          R62KHcte51.elfGet hashmaliciousMiraiBrowse
                                          • 81.31.42.30
                                          TUT-ASUSSecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          6m5xntHvKE.jarGet hashmaliciousSTRRATBrowse
                                          • 208.95.112.1
                                          Y5FjBvytOL.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                          • 208.95.112.1
                                          PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                          • 208.95.112.1
                                          lGaZ58sYpVmY9rn.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          Request For Quotation RFQ1310.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 208.95.112.1
                                          SecuriteInfo.com.Trojan.DownLoader46.60844.7642.4031.exeGet hashmaliciousAgentTeslaBrowse
                                          • 208.95.112.1
                                          Zuma Deluxe.exeGet hashmaliciousPhemedrone StealerBrowse
                                          • 208.95.112.1
                                          immortal.bin.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                          • 208.95.112.1
                                          l0xmdpqk.ylw.bin.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                          • 208.95.112.1

                                          JA3 Fingerprints

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          3b5074b1b5d032e5620f69f9f700ff0eHsbcBank_copy.htaGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 104.26.13.205
                                          SecuriteInfo.com.Win32.PWSX-gen.16177.2093.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.13.205
                                          SecuriteInfo.com.Win32.RATX-gen.8126.4318.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.13.205
                                          SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exeGet hashmaliciousUnknownBrowse
                                          • 104.26.13.205
                                          SecuriteInfo.com.PUA.Tool.InstSrv.10.27384.30600.exeGet hashmaliciousUnknownBrowse
                                          • 104.26.13.205
                                          Vqzx4PFehn.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                          • 104.26.13.205
                                          Order PS24S0040.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                          • 104.26.13.205
                                          FastExecuteScript.exeGet hashmaliciousUnknownBrowse
                                          • 104.26.13.205
                                          eqmq0pcp.yew(1).exeGet hashmaliciousXmrigBrowse
                                          • 104.26.13.205
                                          Ro8zgGY3GZ.exeGet hashmaliciousPureLog StealerBrowse
                                          • 104.26.13.205

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Rendeles_042024,jpg.scr.exe.log

                                          Download File
                                          Process:C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.34331486778365
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.9246958307344695
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          • DOS Executable Generic (2002/1) 0.01%
                                          File name:Rendeles_042024,jpg.scr.exe
                                          File size:738'816 bytes
                                          MD5:f9a9054852e6529e9e3d8b392241601c
                                          SHA1:e96482de839c1fe063982ef64d6d930312054ea6
                                          SHA256:96c18fdcc302306d493535b0c90413892759a61925bcb3cf2f0d1a1cbbac554e
                                          SHA512:91349fbd232b4663e72f5b54398f5e751a4ba86cb436efd44a605976386d4944270ee50971349509108157f8e55742c4cb4709ef9e086db2146bfd0afefeaabf
                                          SSDEEP:12288:nTB778QduSfT7LaUuOuIgVuboparMfRVzZ9uc+VnP6GStXRl4UNmXP1dDhu1vMCg:TBLuA8OzgVub4arqVzZ9o3OXRlBNYP1X
                                          TLSH:F9F4F18C7658B2DFC55BC876DA586C60A62074BB534BD243A45325E8EE0EACBCF111F3
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..8...........W... ...`....@.. ....................................@................................

                                          File Icon

                                          Icon Hash:0888742406740004

                                          Static PE Info

                                          General

                                          Entrypoint:0x4b57ce
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x662EEDD7 [Mon Apr 29 00:46:15 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xb577c0x4f.text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xb60000x940.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xb80000xc.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x20000xb37d40xb38001a7601b07ef2d89d17d0efdbfd048662False0.9340371474582173data7.931478273821282IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc0xb60000x9400xa00b892264f91ac6cddf3e7519442cdda99False0.516796875data5.0431684949155455IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0xb80000xc0x200a758948dbb69479005bb3fc6ae2ae447False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_ICON0xb60e80x51dPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.679144385026738
                                          RT_GROUP_ICON0xb66080x14data1.05
                                          RT_VERSION0xb661c0x320data0.45

                                          Imports

                                          DLLImport
                                          mscoree.dll_CorExeMain

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          04/29/24-10:17:57.586988TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249710587192.168.2.577.93.220.4
                                          04/29/24-10:17:57.524587TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49710587192.168.2.577.93.220.4
                                          04/29/24-10:17:57.586988TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49710587192.168.2.577.93.220.4
                                          04/29/24-10:17:57.586988TCP2855542ETPRO TROJAN Agent Tesla CnC Exfil Activity49710587192.168.2.577.93.220.4
                                          04/29/24-10:17:57.586988TCP2855245ETPRO TROJAN Agent Tesla Exfil via SMTP49710587192.168.2.577.93.220.4

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Apr 29, 2024 10:17:51.278336048 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:51.278371096 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:51.278441906 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:51.283035040 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:51.283049107 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:51.515499115 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:51.515566111 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:51.666883945 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:51.666910887 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:51.667247057 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:51.710130930 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:53.261245012 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:53.304119110 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:53.427769899 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:53.427843094 CEST44349707104.26.13.205192.168.2.5
                                          Apr 29, 2024 10:17:53.427889109 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:53.440761089 CEST49707443192.168.2.5104.26.13.205
                                          Apr 29, 2024 10:17:53.616277933 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:53.741494894 CEST8049709208.95.112.1192.168.2.5
                                          Apr 29, 2024 10:17:53.741590977 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:53.741703033 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:53.921405077 CEST8049709208.95.112.1192.168.2.5
                                          Apr 29, 2024 10:17:54.038269043 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:54.680984974 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:54.806488991 CEST8049709208.95.112.1192.168.2.5
                                          Apr 29, 2024 10:17:54.806555033 CEST4970980192.168.2.5208.95.112.1
                                          Apr 29, 2024 10:17:55.120079041 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:55.341579914 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:55.341669083 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:55.722220898 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:55.722390890 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:55.943932056 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:55.943980932 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:55.944952965 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:56.166390896 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:56.166620970 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:56.388094902 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:56.388509989 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:56.611406088 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:56.663253069 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:56.749385118 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:56.973268032 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.022649050 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.074088097 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.307060003 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.350749969 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.524586916 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.586987972 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.587014914 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.587116957 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:17:57.783621073 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.808399916 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.808459044 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.819467068 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:17:57.866381884 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:19:34.711077929 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:19:34.932605028 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:19:34.932626963 CEST5874971077.93.220.4192.168.2.5
                                          Apr 29, 2024 10:19:34.932692051 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:19:34.932737112 CEST49710587192.168.2.577.93.220.4
                                          Apr 29, 2024 10:19:35.154280901 CEST5874971077.93.220.4192.168.2.5

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Apr 29, 2024 10:17:51.158360958 CEST6408653192.168.2.51.1.1.1
                                          Apr 29, 2024 10:17:51.268486977 CEST53640861.1.1.1192.168.2.5
                                          Apr 29, 2024 10:17:53.501153946 CEST5574553192.168.2.51.1.1.1
                                          Apr 29, 2024 10:17:53.615375042 CEST53557451.1.1.1192.168.2.5
                                          Apr 29, 2024 10:17:54.681648970 CEST5312753192.168.2.51.1.1.1
                                          Apr 29, 2024 10:17:55.119357109 CEST53531271.1.1.1192.168.2.5

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Apr 29, 2024 10:17:51.158360958 CEST192.168.2.51.1.1.10x1991Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:53.501153946 CEST192.168.2.51.1.1.10x685eStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:54.681648970 CEST192.168.2.51.1.1.10x5449Standard query (0)mail.woxi.czA (IP address)IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Apr 29, 2024 10:17:51.268486977 CEST1.1.1.1192.168.2.50x1991No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:51.268486977 CEST1.1.1.1192.168.2.50x1991No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:51.268486977 CEST1.1.1.1192.168.2.50x1991No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:53.615375042 CEST1.1.1.1192.168.2.50x685eNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                          Apr 29, 2024 10:17:55.119357109 CEST1.1.1.1192.168.2.50x5449No error (0)mail.woxi.cz77.93.220.4A (IP address)IN (0x0001)false

                                          HTTP Request Dependency Graph

                                          • api.ipify.org
                                          • ip-api.com

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.549709208.95.112.1802140C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          TimestampBytes transferredDirectionData
                                          Apr 29, 2024 10:17:53.741703033 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                          Host: ip-api.com
                                          Connection: Keep-Alive
                                          Apr 29, 2024 10:17:53.921405077 CEST174INHTTP/1.1 200 OK
                                          Date: Mon, 29 Apr 2024 08:17:53 GMT
                                          Content-Type: text/plain; charset=utf-8
                                          Content-Length: 5
                                          Access-Control-Allow-Origin: *
                                          X-Ttl: 60
                                          X-Rl: 44
                                          Data Raw: 74 72 75 65 0a
                                          Data Ascii: true


                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.549707104.26.13.2054432140C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          TimestampBytes transferredDirectionData
                                          2024-04-29 08:17:53 UTC155OUTGET / HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                          Host: api.ipify.org
                                          Connection: Keep-Alive
                                          2024-04-29 08:17:53 UTC211INHTTP/1.1 200 OK
                                          Date: Mon, 29 Apr 2024 08:17:53 GMT
                                          Content-Type: text/plain
                                          Content-Length: 12
                                          Connection: close
                                          Vary: Origin
                                          CF-Cache-Status: DYNAMIC
                                          Server: cloudflare
                                          CF-RAY: 87bddbb44f426057-ORD
                                          2024-04-29 08:17:53 UTC12INData Raw: 38 31 2e 31 38 31 2e 36 32 2e 39 30
                                          Data Ascii: 81.181.62.90


                                          SMTP Packets

                                          TimestampSource PortDest PortSource IPDest IPCommands
                                          Apr 29, 2024 10:17:55.722220898 CEST5874971077.93.220.4192.168.2.5220 mxp.anafra.net ESMTP Postfix (Debian/GNU)
                                          Apr 29, 2024 10:17:55.722390890 CEST49710587192.168.2.577.93.220.4EHLO 715575
                                          Apr 29, 2024 10:17:55.943980932 CEST5874971077.93.220.4192.168.2.5250-mxp.anafra.net
                                          250-PIPELINING
                                          250-SIZE 52428800
                                          250-STARTTLS
                                          250-AUTH PLAIN LOGIN
                                          250-AUTH=PLAIN LOGIN
                                          250-ENHANCEDSTATUSCODES
                                          250 8BITMIME
                                          Apr 29, 2024 10:17:55.944952965 CEST49710587192.168.2.577.93.220.4AUTH login cG9rbG9wc2VydmlzQHdveGkuY3o=
                                          Apr 29, 2024 10:17:56.166390896 CEST5874971077.93.220.4192.168.2.5334 UGFzc3dvcmQ6
                                          Apr 29, 2024 10:17:56.388094902 CEST5874971077.93.220.4192.168.2.5235 2.7.0 Authentication successful
                                          Apr 29, 2024 10:17:56.388509989 CEST49710587192.168.2.577.93.220.4MAIL FROM:<poklopservis@woxi.cz>
                                          Apr 29, 2024 10:17:56.611406088 CEST5874971077.93.220.4192.168.2.5250 2.1.0 Ok
                                          Apr 29, 2024 10:17:56.749385118 CEST49710587192.168.2.577.93.220.4RCPT TO:<hellovicky@engineer.com>
                                          Apr 29, 2024 10:17:56.973268032 CEST5874971077.93.220.4192.168.2.5250 2.1.5 Ok
                                          Apr 29, 2024 10:17:57.074088097 CEST49710587192.168.2.577.93.220.4DATA
                                          Apr 29, 2024 10:17:57.307060003 CEST5874971077.93.220.4192.168.2.5354 End data with <CR><LF>.<CR><LF>
                                          Apr 29, 2024 10:17:57.587116957 CEST49710587192.168.2.577.93.220.4.
                                          Apr 29, 2024 10:17:57.819467068 CEST5874971077.93.220.4192.168.2.5250 2.0.0 Ok: queued as D4DAE1B201A
                                          Apr 29, 2024 10:19:34.711077929 CEST49710587192.168.2.577.93.220.4QUIT
                                          Apr 29, 2024 10:19:34.932605028 CEST5874971077.93.220.4192.168.2.5221 2.0.0 Bye

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:10:17:49
                                          Start date:29/04/2024
                                          Path:C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                                          Imagebase:0xd30000
                                          File size:738'816 bytes
                                          MD5 hash:F9A9054852E6529E9E3D8B392241601C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2022036675.0000000007BB0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2010581386.0000000004EFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2010581386.0000000004E82000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2008266464.0000000003259000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:3
                                          Start time:10:17:50
                                          Start date:29/04/2024
                                          Path:C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                                          Imagebase:0x50000
                                          File size:738'816 bytes
                                          MD5 hash:F9A9054852E6529E9E3D8B392241601C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:4
                                          Start time:10:17:50
                                          Start date:29/04/2024
                                          Path:C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\Rendeles_042024,jpg.scr.exe"
                                          Imagebase:0xc40000
                                          File size:738'816 bytes
                                          MD5 hash:F9A9054852E6529E9E3D8B392241601C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3249220624.000000000302D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3247016161.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3249220624.0000000003035000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3249220624.0000000003004000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3249220624.0000000003004000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:false

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:10.3%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:68
                                            Total number of Limit Nodes:6
                                            execution_graph 23014 316ce53 23015 316ce5c 23014->23015 23016 316cec2 23015->23016 23017 316cf6c 23015->23017 23018 316cf1a CallWindowProcW 23016->23018 23020 316cec9 23016->23020 23021 3169afc 23017->23021 23018->23020 23022 3169b07 23021->23022 23024 316b829 23022->23024 23025 3169c24 CallWindowProcW 23022->23025 23024->23024 23025->23024 23026 3163910 23029 3163a08 23026->23029 23027 316391f 23030 3163a19 23029->23030 23031 3163a3c 23029->23031 23030->23031 23037 3163cd8 23030->23037 23041 3163ce8 23030->23041 23031->23027 23032 3163a34 23032->23031 23033 3163c5d GetModuleHandleW 23032->23033 23034 3163c9c 23033->23034 23034->23027 23038 3163ce8 23037->23038 23040 3163d21 23038->23040 23045 31633f8 23038->23045 23040->23032 23042 3163cfc 23041->23042 23043 31633f8 LoadLibraryExW 23042->23043 23044 3163d21 23042->23044 23043->23044 23044->23032 23046 3163f08 LoadLibraryExW 23045->23046 23048 3163fc4 23046->23048 23048->23040 23049 316a710 23050 316a7a8 CreateWindowExW 23049->23050 23052 316a8e6 23050->23052 23094 3166020 23095 3166025 DuplicateHandle 23094->23095 23096 31660fd 23095->23096 23063 2ff8268 23064 2ff82b5 VirtualProtect 23063->23064 23065 2ff8321 23064->23065 23066 13bd01c 23067 13bd034 23066->23067 23068 13bd08e 23067->23068 23069 3169afc CallWindowProcW 23067->23069 23073 316a9a8 23067->23073 23077 316a998 23067->23077 23081 316b7c8 23067->23081 23069->23068 23074 316a9ad 23073->23074 23075 3169afc CallWindowProcW 23074->23075 23076 316a9ef 23075->23076 23076->23068 23078 316a9a8 23077->23078 23079 3169afc CallWindowProcW 23078->23079 23080 316a9ef 23079->23080 23080->23068 23082 316b7d8 23081->23082 23084 316b829 23082->23084 23085 3169c24 CallWindowProcW 23082->23085 23084->23084 23085->23084 23053 3165dd8 23054 3165e1e GetCurrentProcess 23053->23054 23056 3165e70 GetCurrentThread 23054->23056 23057 3165e69 23054->23057 23058 3165ea6 23056->23058 23059 3165ead GetCurrentProcess 23056->23059 23057->23056 23058->23059 23062 3165ee3 23059->23062 23060 3165f0b GetCurrentThreadId 23061 3165f3c 23060->23061 23062->23060 23086 2ffc990 23087 2ffc9b7 23086->23087 23088 2ffca94 23087->23088 23090 2ffc2fc 23087->23090 23091 2ffda48 CreateActCtxA 23090->23091 23093 2ffdb4e 23091->23093

                                            Executed Functions

                                            Function 02FF1343 Relevance: 2.7, Strings: 2, Instructions: 244COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1124 2ff1343-2ff13fb 1126 2ff13fd 1124->1126 1127 2ff1402-2ff145c call 2ff00e4 1124->1127 1126->1127 1131 2ff145f 1127->1131 1132 2ff1466-2ff1482 1131->1132 1133 2ff148b-2ff148c 1132->1133 1134 2ff1484 1132->1134 1137 2ff15c8-2ff1638 call 2ff00f4 1133->1137 1134->1131 1134->1133 1135 2ff1549-2ff1560 1134->1135 1136 2ff1598-2ff159c 1134->1136 1134->1137 1138 2ff14d6-2ff14de call 2ff1b30 1134->1138 1139 2ff1565-2ff1593 1134->1139 1140 2ff1504-2ff1544 1134->1140 1141 2ff1491-2ff14d4 1134->1141 1135->1132 1142 2ff15af-2ff15b6 1136->1142 1143 2ff159e-2ff15ad 1136->1143 1159 2ff163a call 2ff26af 1137->1159 1160 2ff163a call 2ff2d5a 1137->1160 1161 2ff163a call 2ff2699 1137->1161 1162 2ff163a call 2ff2627 1137->1162 1163 2ff163a call 2ff2550 1137->1163 1147 2ff14e4-2ff14ff 1138->1147 1139->1132 1140->1132 1141->1132 1146 2ff15bd-2ff15c3 1142->1146 1143->1146 1146->1132 1147->1132 1157 2ff1640-2ff164a 1159->1157 1160->1157 1161->1157 1162->1157 1163->1157
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: 7e84aee911ef92accc92fd35491b96208b698a9c5cb1310f694f524abac37ca4
                                            • Instruction ID: 5ee09093d4c0154f6065ca99908cae267ccba4f5190ab5d35535ed61f8a7dd40
                                            • Opcode Fuzzy Hash: 7e84aee911ef92accc92fd35491b96208b698a9c5cb1310f694f524abac37ca4
                                            • Instruction Fuzzy Hash: 18A11370E04249CFDB44CFA9C9906EEFBB2FF8A300F24846AD959AB265D7305946CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF13D8 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1248 2ff13d8-2ff13fb 1249 2ff13fd 1248->1249 1250 2ff1402-2ff145c call 2ff00e4 1248->1250 1249->1250 1254 2ff145f 1250->1254 1255 2ff1466-2ff1482 1254->1255 1256 2ff148b-2ff148c 1255->1256 1257 2ff1484 1255->1257 1260 2ff15c8-2ff1638 call 2ff00f4 1256->1260 1257->1254 1257->1256 1258 2ff1549-2ff1560 1257->1258 1259 2ff1598-2ff159c 1257->1259 1257->1260 1261 2ff14d6-2ff14de call 2ff1b30 1257->1261 1262 2ff1565-2ff1593 1257->1262 1263 2ff1504-2ff1544 1257->1263 1264 2ff1491-2ff14d4 1257->1264 1258->1255 1265 2ff15af-2ff15b6 1259->1265 1266 2ff159e-2ff15ad 1259->1266 1281 2ff163a call 2ff26af 1260->1281 1282 2ff163a call 2ff2d5a 1260->1282 1283 2ff163a call 2ff2699 1260->1283 1284 2ff163a call 2ff2627 1260->1284 1285 2ff163a call 2ff2550 1260->1285 1270 2ff14e4-2ff14ff 1261->1270 1262->1255 1263->1255 1264->1255 1269 2ff15bd-2ff15c3 1265->1269 1266->1269 1269->1255 1270->1255 1280 2ff1640-2ff164a 1281->1280 1282->1280 1283->1280 1284->1280 1285->1280
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q
                                            • API String ID: 0-3320153681
                                            • Opcode ID: d788539be0760ce997ae58d8acf5eb17f6c484f3f4e77bb309ab557871c1e204
                                            • Instruction ID: 95ec1f8942f518cc961980a9e96826097a86e37a545264bf31d4251ed80fc000
                                            • Opcode Fuzzy Hash: d788539be0760ce997ae58d8acf5eb17f6c484f3f4e77bb309ab557871c1e204
                                            • Instruction Fuzzy Hash: 73819174E00219CFDB48CFA9D984AAEFBB2FF89300F14852AD619AB364D7349905CF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03169B24 Relevance: .3, Instructions: 253COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 083f72e50e494089c23816b053c8d3d874cf5b9dc9783f60b24f7d0a4b40324f
                                            • Instruction ID: 93f411591122910da55e75f7b696b2f87caab86a84127ea16e0a76fc6260960f
                                            • Opcode Fuzzy Hash: 083f72e50e494089c23816b053c8d3d874cf5b9dc9783f60b24f7d0a4b40324f
                                            • Instruction Fuzzy Hash: CBA18F75E0031A8FCB04DFA4D8549DDFBBAFF8E304F158619E419AB264DB30A891CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03169B18 Relevance: .2, Instructions: 221COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c9228356af2ee875841e8c26c72740b7ebc08d98f5da501e68a497de72670652
                                            • Instruction ID: 5401d1f61a7a17a040b7ba82758c7772b4458ce8dac3da81e8c931672487e8e8
                                            • Opcode Fuzzy Hash: c9228356af2ee875841e8c26c72740b7ebc08d98f5da501e68a497de72670652
                                            • Instruction Fuzzy Hash: F6917D75E0031A8FCB04DFA4D8548DDFBBAFF9E314B148619E419AB2A4DB30A895CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316AB3E Relevance: .2, Instructions: 212COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8bf72d9769b22935e6071250d478170df7b2565df5cfc74d71be1d07bb354f31
                                            • Instruction ID: c0a0c47cedd53069ed3043166753aafc6748aeb5aacc9fdbc1d8a6754d3d6c4b
                                            • Opcode Fuzzy Hash: 8bf72d9769b22935e6071250d478170df7b2565df5cfc74d71be1d07bb354f31
                                            • Instruction Fuzzy Hash: CE916E75E0031A9FCB04DFB0D8448DDFBBAFF9E314B148619E419AB2A4DB30A991CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF1B30 Relevance: .1, Instructions: 146COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 28e4266aaa650004676966bd67264353e95b590b87c6c5f9619e3b8e0ddd8ff4
                                            • Instruction ID: 03769f625a2fbc4c1cf1548fff417360d2b24c647d8d2fc85949756dae6ead83
                                            • Opcode Fuzzy Hash: 28e4266aaa650004676966bd67264353e95b590b87c6c5f9619e3b8e0ddd8ff4
                                            • Instruction Fuzzy Hash: F7513874E05209CFDB48CFAAC5406AEFBF2EF88340F14D06AD619A7265E7349A41CF64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302EB08 Relevance: .1, Instructions: 97COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3e038d3a1a3cc546b4ac896bf79f409b0c4ead699c410c9ad4d3b34b4c829a3e
                                            • Instruction ID: 4a3acf8346d26770d47155fde2e06f7c64e924cb34aff4a74e32d73565885ebf
                                            • Opcode Fuzzy Hash: 3e038d3a1a3cc546b4ac896bf79f409b0c4ead699c410c9ad4d3b34b4c829a3e
                                            • Instruction Fuzzy Hash: D84199B4D022199FDB20DFE9C984A9EFFF5AB09300F20942AE418BB354D775A945CF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF2550 Relevance: .1, Instructions: 81COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5aa3f104885b2110ec8f94bae766238a551ddb3e5c56b9f35b6efdd54435cd43
                                            • Instruction ID: 98bf15c4a16d9f4bdf058eaa4afd3613fdcf7efce40248cc5676d3c05cac18ff
                                            • Opcode Fuzzy Hash: 5aa3f104885b2110ec8f94bae766238a551ddb3e5c56b9f35b6efdd54435cd43
                                            • Instruction Fuzzy Hash: 8B314871E002588FDB28CFAAD88468EBBB7BFC9310F14C0AAD509AB264DB345945CF40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF08D0 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a40f5f2d01809ee6bc2ce9b9f0d415bf875f377752865484c33773baee27242e
                                            • Instruction ID: a8f4ff200270b0749100a1c6ec2eebf6ed008eea73822dc13a6b389759ee80f2
                                            • Opcode Fuzzy Hash: a40f5f2d01809ee6bc2ce9b9f0d415bf875f377752865484c33773baee27242e
                                            • Instruction Fuzzy Hash: D5210A71E046188FEB58CFABD84079EFBF7AFC9200F04C4BAC918A6224EB3059558F51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302F4A0 Relevance: .1, Instructions: 59COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: efb4030b286436b1459b2c473000050e2738663f3a8256de2c136d58780b38c4
                                            • Instruction ID: b0afd27da073e017de246eb78b412afd8afba98e0ce4603b7873be8ff025b466
                                            • Opcode Fuzzy Hash: efb4030b286436b1459b2c473000050e2738663f3a8256de2c136d58780b38c4
                                            • Instruction Fuzzy Hash: 7421BFB8D05219DFCB04CFAAD4446EEFBF1AB49350F24E12AE824B7250D7349941CF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022795 Relevance: 28.1, Strings: 22, Instructions: 598COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$ fbq$ fbq$ fbq$ fbq$ fbq$Te]q$Te]q$Te]q$XX]q$XX]q$XX]q$XX]q$XX]q$XX]q$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1647153398
                                            • Opcode ID: ce1c8d69fc16d98e9d613a29ab39a9d62fb427fffe765b877d332bcb4d5d8ea6
                                            • Instruction ID: abb4f2dac9472cbe6699e7a988333f858812591e7eab2775fb47621ca30be6ba
                                            • Opcode Fuzzy Hash: ce1c8d69fc16d98e9d613a29ab39a9d62fb427fffe765b877d332bcb4d5d8ea6
                                            • Instruction Fuzzy Hash: 6C326030A05268CFDB94DFD8C994BADBBFABB84700F648D65E402AB395CB749C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021478 Relevance: 14.2, Strings: 11, Instructions: 437COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 536 3021478-30214b3 537 30214be-3021529 call 3021c50 call 3021004 536->537 686 30214b8 call 3021b63 536->686 548 302152b-302152e 537->548 549 3021530 548->549 550 3021537-302153c 548->550 549->550 551 30216c3-30216d2 549->551 552 3021626-3021693 549->552 553 3021786-302178a 549->553 554 3021704-3021708 549->554 555 30217eb 549->555 556 30215a8-30215e8 549->556 557 3021609-3021613 549->557 558 302158e-3021598 549->558 559 30217cf-30217e9 549->559 560 302174d 549->560 561 3021734-302173b 549->561 562 3021698-30216ab 549->562 563 302153e-3021544 549->563 564 30215ff-3021604 549->564 550->548 603 30216d4-30216db 551->603 604 30216eb-30216f5 551->604 552->548 577 30217ab 553->577 578 302178c-3021795 553->578 570 302170a-3021713 554->570 571 302172b 554->571 585 30217f8-30217fb 555->585 643 30215ee-30215fa 556->643 644 30216ad 556->644 572 3021615 557->572 573 302161f-3021624 557->573 568 30215a1-30215a6 558->568 569 302159a 558->569 576 302177a-302177d 559->576 560->576 574 3021750-3021775 561->574 575 302173d-3021748 561->575 567 30216b2 562->567 565 3021546-3021548 563->565 566 302154a-3021556 563->566 564->548 583 3021558-302158c 565->583 566->583 586 30216b7-30216ba 567->586 568->556 584 302159f 568->584 569->584 591 3021715-3021718 570->591 592 302171a-3021727 570->592 589 302172e 571->589 590 302161a 572->590 573->552 573->590 574->576 575->586 576->553 594 302177f 576->594 595 30217ae-30217b0 577->595 580 3021797-302179a 578->580 581 302179c-302179f 578->581 596 30217a9 580->596 581->596 583->548 584->548 600 302180d-3021871 585->600 601 30217fd 585->601 586->551 602 30216bc 586->602 589->561 590->548 605 3021729 591->605 592->605 594->553 594->555 594->559 594->600 607 30218d0-30218d5 594->607 608 3021a80-3021a85 594->608 609 3021ac1-3021ac8 594->609 610 3021a8a-3021ab3 594->610 611 30218da-30218de 594->611 612 302199b-30219c5 call 316ff78 594->612 613 30219ed-3021a7d 594->613 598 30217b2 595->598 599 30217b9-30217c0 595->599 596->595 622 30217b7 598->622 614 30217c2-30217cd 599->614 615 30217ee-30217f3 599->615 668 3021879-30218b5 600->668 601->600 601->607 601->608 601->609 601->610 601->611 601->612 601->613 602->551 602->553 602->554 602->555 602->559 602->560 602->561 603->574 625 30216dd-30216e4 603->625 604->574 624 30216f7-3021702 604->624 605->589 607->585 608->585 662 3021aba-3021abc 610->662 616 30218e0-30218e9 611->616 617 3021901 611->617 656 30219cd-30219d7 612->656 613->608 614->559 614->622 615->585 628 30218f0-30218fd 616->628 629 30218eb-30218ee 616->629 634 3021904-3021976 617->634 622->576 624->554 630 30216e9 624->630 625->630 636 30218ff 628->636 629->636 630->586 672 3021978-302197e 634->672 673 302198e-3021996 634->673 636->634 643->548 644->567 656->615 660 30219dd-30219e8 656->660 660->585 662->585 680 30218b7-30218bd 668->680 681 30218cd 668->681 675 3021982-3021984 672->675 676 3021980 672->676 673->585 675->673 676->673 682 30218c1-30218c3 680->682 683 30218bf 680->683 681->607 682->681 683->681 686->537
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-2237115325
                                            • Opcode ID: 5f0729615e9e5f2dfb32954f940a16c96c31fb7a5b1262a32b3e56d1f5e730cf
                                            • Instruction ID: 741e298ad8e137e3137700b058f16eaf89b0d908518c471dfbe7ea037c1bf935
                                            • Opcode Fuzzy Hash: 5f0729615e9e5f2dfb32954f940a16c96c31fb7a5b1262a32b3e56d1f5e730cf
                                            • Instruction Fuzzy Hash: 2DF19274B41218DFDB18DFA8C855BAE7AF6AFC8700F148865E906AB3D4DE748C42CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021469 Relevance: 10.4, Strings: 8, Instructions: 391COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 688 3021469-30214be call 3021b63 call 3021c50 690 30214c4-3021529 call 3021004 688->690 700 302152b-302152e 690->700 701 3021530 700->701 702 3021537-302153c 700->702 701->702 703 30216c3-30216d2 701->703 704 3021626-3021693 701->704 705 3021786-302178a 701->705 706 3021704-3021708 701->706 707 30217eb 701->707 708 30215a8-30215e8 701->708 709 3021609-3021613 701->709 710 302158e-3021598 701->710 711 30217cf-30217e9 701->711 712 302174d 701->712 713 3021734-302173b 701->713 714 3021698-30216ab 701->714 715 302153e-3021544 701->715 716 30215ff-3021604 701->716 702->700 755 30216d4-30216db 703->755 756 30216eb-30216f5 703->756 704->700 729 30217ab 705->729 730 302178c-3021795 705->730 722 302170a-3021713 706->722 723 302172b 706->723 737 30217f8-30217fb 707->737 795 30215ee-30215fa 708->795 796 30216ad 708->796 724 3021615 709->724 725 302161f-3021624 709->725 720 30215a1-30215a6 710->720 721 302159a 710->721 728 302177a-302177d 711->728 712->728 726 3021750-3021775 713->726 727 302173d-3021748 713->727 719 30216b2 714->719 717 3021546-3021548 715->717 718 302154a-3021556 715->718 716->700 735 3021558-302158c 717->735 718->735 738 30216b7-30216ba 719->738 720->708 736 302159f 720->736 721->736 743 3021715-3021718 722->743 744 302171a-3021727 722->744 741 302172e 723->741 742 302161a 724->742 725->704 725->742 726->728 727->738 728->705 746 302177f 728->746 747 30217ae-30217b0 729->747 732 3021797-302179a 730->732 733 302179c-302179f 730->733 748 30217a9 732->748 733->748 735->700 736->700 752 302180d-3021810 737->752 753 30217fd 737->753 738->703 754 30216bc 738->754 741->713 742->700 757 3021729 743->757 744->757 746->705 746->707 746->711 746->752 759 30218d0-30218d5 746->759 760 3021a80-3021a85 746->760 761 3021ac1-3021ac8 746->761 762 3021a8a-3021aa1 746->762 763 30218da-30218de 746->763 764 302199b-302199e 746->764 765 30219ed-3021a7d 746->765 750 30217b2 747->750 751 30217b9-30217c0 747->751 748->747 774 30217b7 750->774 766 30217c2-30217cd 751->766 767 30217ee-30217f3 751->767 783 302181a-3021826 752->783 753->752 753->759 753->760 753->761 753->762 753->763 753->764 753->765 754->703 754->705 754->706 754->707 754->711 754->712 754->713 755->726 777 30216dd-30216e4 755->777 756->726 776 30216f7-3021702 756->776 757->741 759->737 760->737 805 3021aab-3021ab3 762->805 768 30218e0-30218e9 763->768 769 3021901 763->769 784 30219a7-30219a9 764->784 765->760 766->711 766->774 767->737 780 30218f0-30218fd 768->780 781 30218eb-30218ee 768->781 786 3021904-3021976 769->786 774->728 776->706 782 30216e9 776->782 777->782 788 30218ff 780->788 781->788 782->738 794 3021831-3021855 783->794 798 30219b3-30219c5 call 316ff78 784->798 824 3021978-302197e 786->824 825 302198e-3021996 786->825 788->786 817 3021860-3021871 794->817 795->700 796->719 808 30219cd-30219d7 798->808 814 3021aba-3021abc 805->814 808->767 812 30219dd-30219e8 808->812 812->737 814->737 820 3021879-30218b5 817->820 832 30218b7-30218bd 820->832 833 30218cd 820->833 827 3021982-3021984 824->827 828 3021980 824->828 825->737 827->825 828->825 834 30218c1-30218c3 832->834 835 30218bf 832->835 833->759 834->833 835->833
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q$Te]q$Te]q$Te]q$Te]q$Te]q$$]q$$]q
                                            • API String ID: 0-2016595432
                                            • Opcode ID: d94634aa330c96a0eefb8ef6454ab4f29dce2349f439b6e1dbdd885d4af1650e
                                            • Instruction ID: 184d601e4bbf2ddf206196d18cfc205976a164e27a1db7fdde5be7774642e248
                                            • Opcode Fuzzy Hash: d94634aa330c96a0eefb8ef6454ab4f29dce2349f439b6e1dbdd885d4af1650e
                                            • Instruction Fuzzy Hash: D1E19274B41214DFDB18DFA8C8557AE7AF6ABC8700F248866E902AB3D4DE748C42DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022C60 Relevance: 10.2, Strings: 8, Instructions: 226COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 840 3022c60 841 3022c61-3022c70 840->841 843 3022c72-3022c78 841->843 844 3022c88-3022ca5 841->844 845 3022c7a 843->845 846 3022c7c-3022c7e 843->846 848 3022ca7-3022cb0 844->848 849 3022cc8 844->849 845->844 846->844 850 3022cb2-3022cb5 848->850 851 3022cb7-3022cc4 848->851 852 3022ccb-3022cff 849->852 853 3022cc6 850->853 851->853 857 3022c4c-3022c4f 852->857 853->852 857->841 858 3022c51 857->858 858->841 859 3022f53-3022f57 858->859 860 3022df1-3022e04 858->860 861 3022d04-3022d08 858->861 862 3022ec4-3022ec9 858->862 863 3022dd4-3022ddb 858->863 864 3022fd5-3022fe9 858->864 865 3022da8-3022dc1 858->865 866 3022e69-3022e76 858->866 867 3022ece-3022ed2 858->867 868 3022fec-3022ff5 858->868 869 3022e8d-3022ea0 858->869 875 3022f7a 859->875 876 3022f59-3022f62 859->876 873 3022ff8-3022ffe 860->873 901 3022e0a-3022e1f 860->901 877 3022d0a-3022d13 861->877 878 3022d2b 861->878 862->857 872 3022de1-3022dec 863->872 863->873 911 3022dcc-3022dd1 865->911 866->873 874 3022e7c-3022e88 866->874 870 3022ed4-3022edd 867->870 871 3022ef5 867->871 896 3022ea2-3022ea9 869->896 897 3022ebd-3022ec2 869->897 886 3022ee4-3022ef1 870->886 887 3022edf-3022ee2 870->887 889 3022ef8-3022efc 871->889 872->857 885 3022f7d-3022f81 875->885 881 3022f64-3022f67 876->881 882 3022f69-3022f76 876->882 890 3022d15-3022d18 877->890 891 3022d1a-3022d27 877->891 880 3022d2e-3022d32 878->880 892 3022d34-3022d46 880->892 893 3022d48 880->893 895 3022f78 881->895 882->895 898 3022fa2 885->898 899 3022f83-3022f8c 885->899 900 3022ef3 886->900 887->900 902 3022efe-3022f07 889->902 903 3022f1f 889->903 904 3022d29 890->904 891->904 907 3022d4b-3022d4f 892->907 893->907 895->885 896->873 908 3022eaf-3022eb3 896->908 910 3022eb8 897->910 915 3022fa5-3022fb3 898->915 912 3022f93-3022f96 899->912 913 3022f8e-3022f91 899->913 900->889 929 3022e31 901->929 930 3022e21-3022e2f 901->930 916 3022f09-3022f0c 902->916 917 3022f0e-3022f1b 902->917 906 3022f22-3022f2e 903->906 904->880 932 3022f30-3022f36 906->932 933 3022f46-3022f4e 906->933 918 3022d70 907->918 919 3022d51-3022d5a 907->919 908->910 910->857 911->863 920 3022fa0 912->920 913->920 935 3022fb5 915->935 936 3022fbf-3022fc6 915->936 922 3022f1d 916->922 917->922 927 3022d73-3022d91 918->927 925 3022d61-3022d64 919->925 926 3022d5c-3022d5f 919->926 920->915 922->906 934 3022d6e 925->934 926->934 927->873 946 3022d97-3022da3 927->946 931 3022e33-3022e35 929->931 930->931 938 3022e37-3022e3d 931->938 939 3022e4f-3022e64 931->939 940 3022f3a-3022f3c 932->940 941 3022f38 932->941 934->927 943 3022fba 935->943 936->873 937 3022fc8-3022fd3 936->937 937->943 944 3022e41-3022e4d 938->944 945 3022e3f 938->945 939->857 940->933 941->933 943->857 944->939 945->939
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1505870616
                                            • Opcode ID: 2e8fce3ba5d4093c66bf54f23b3f7bab74fc4d81273e5b6e01b4fad48a7692d7
                                            • Instruction ID: 18b03d293a2abf926504b785e229f6c8d9d2381b311e93e0d2ad6c1876f173b8
                                            • Opcode Fuzzy Hash: 2e8fce3ba5d4093c66bf54f23b3f7bab74fc4d81273e5b6e01b4fad48a7692d7
                                            • Instruction Fuzzy Hash: 84918030A06268CFDBE9CFD8C544BADBFBABB44701F688D66E4016B2A5C7709C41DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022C47 Relevance: 10.2, Strings: 8, Instructions: 213COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 949 3022c47 950 3022c4c-3022c4f 949->950 951 3022c61-3022c70 950->951 952 3022c51 950->952 976 3022c72-3022c78 951->976 977 3022c88-3022ca5 951->977 952->951 953 3022f53-3022f57 952->953 954 3022df1-3022e04 952->954 955 3022d04-3022d08 952->955 956 3022ec4-3022ec9 952->956 957 3022dd4-3022ddb 952->957 958 3022fd5-3022fe9 952->958 959 3022da8-3022dc1 952->959 960 3022e69-3022e76 952->960 961 3022ece-3022ed2 952->961 962 3022fec-3022ff5 952->962 963 3022e8d-3022ea0 952->963 970 3022f7a 953->970 971 3022f59-3022f62 953->971 967 3022ff8-3022ffe 954->967 1000 3022e0a-3022e1f 954->1000 972 3022d0a-3022d13 955->972 973 3022d2b 955->973 956->950 966 3022de1-3022dec 957->966 957->967 1011 3022dcc-3022dd1 959->1011 960->967 969 3022e7c-3022e88 960->969 964 3022ed4-3022edd 961->964 965 3022ef5 961->965 995 3022ea2-3022ea9 963->995 996 3022ebd-3022ec2 963->996 983 3022ee4-3022ef1 964->983 984 3022edf-3022ee2 964->984 986 3022ef8-3022efc 965->986 966->950 982 3022f7d-3022f81 970->982 978 3022f64-3022f67 971->978 979 3022f69-3022f76 971->979 987 3022d15-3022d18 972->987 988 3022d1a-3022d27 972->988 975 3022d2e-3022d32 973->975 989 3022d34-3022d46 975->989 990 3022d48 975->990 992 3022c7a 976->992 993 3022c7c-3022c7e 976->993 1020 3022ca7-3022cb0 977->1020 1021 3022cc8 977->1021 994 3022f78 978->994 979->994 997 3022fa2 982->997 998 3022f83-3022f8c 982->998 999 3022ef3 983->999 984->999 1001 3022efe-3022f07 986->1001 1002 3022f1f 986->1002 1003 3022d29 987->1003 988->1003 1006 3022d4b-3022d4f 989->1006 990->1006 992->977 993->977 994->982 995->967 1008 3022eaf-3022eb3 995->1008 1010 3022eb8 996->1010 1015 3022fa5-3022fb3 997->1015 1012 3022f93-3022f96 998->1012 1013 3022f8e-3022f91 998->1013 999->986 1034 3022e31 1000->1034 1035 3022e21-3022e2f 1000->1035 1016 3022f09-3022f0c 1001->1016 1017 3022f0e-3022f1b 1001->1017 1005 3022f22-3022f2e 1002->1005 1003->975 1037 3022f30-3022f36 1005->1037 1038 3022f46-3022f4e 1005->1038 1018 3022d70 1006->1018 1019 3022d51-3022d5a 1006->1019 1008->1010 1010->950 1011->957 1022 3022fa0 1012->1022 1013->1022 1041 3022fb5 1015->1041 1042 3022fbf-3022fc6 1015->1042 1024 3022f1d 1016->1024 1017->1024 1029 3022d73-3022d91 1018->1029 1027 3022d61-3022d64 1019->1027 1028 3022d5c-3022d5f 1019->1028 1030 3022cb2-3022cb5 1020->1030 1031 3022cb7-3022cc4 1020->1031 1032 3022ccb-3022cef 1021->1032 1022->1015 1024->1005 1039 3022d6e 1027->1039 1028->1039 1029->967 1054 3022d97-3022da3 1029->1054 1040 3022cc6 1030->1040 1031->1040 1056 3022cf7-3022cff 1032->1056 1036 3022e33-3022e35 1034->1036 1035->1036 1044 3022e37-3022e3d 1036->1044 1045 3022e4f-3022e64 1036->1045 1046 3022f3a-3022f3c 1037->1046 1047 3022f38 1037->1047 1039->1029 1040->1032 1051 3022fba 1041->1051 1042->967 1043 3022fc8-3022fd3 1042->1043 1043->1051 1052 3022e41-3022e4d 1044->1052 1053 3022e3f 1044->1053 1045->950 1046->1038 1047->1038 1051->950 1052->1045 1053->1045 1056->950
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$ fbq$Te]q$XX]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1505870616
                                            • Opcode ID: 6872900441a5b9ff12afdcb0a408a254b70a00760bc69abbc21f756ac8707dad
                                            • Instruction ID: baacdc1a1416679805c3bc35dd414561de23e0bee9b8d02298192fa73e203a48
                                            • Opcode Fuzzy Hash: 6872900441a5b9ff12afdcb0a408a254b70a00760bc69abbc21f756ac8707dad
                                            • Instruction Fuzzy Hash: 4D81B330A06268CFDBE5CFD8C544BADBBF9BB44701F688D66E4026B2A5C7309C41DB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03165DC8 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1058 3165dc8-3165e67 GetCurrentProcess 1062 3165e70-3165ea4 GetCurrentThread 1058->1062 1063 3165e69-3165e6f 1058->1063 1064 3165ea6-3165eac 1062->1064 1065 3165ead-3165ee1 GetCurrentProcess 1062->1065 1063->1062 1064->1065 1066 3165ee3-3165ee9 1065->1066 1067 3165eea-3165f05 call 3165fa8 1065->1067 1066->1067 1071 3165f0b-3165f3a GetCurrentThreadId 1067->1071 1072 3165f43-3165fa5 1071->1072 1073 3165f3c-3165f42 1071->1073 1073->1072
                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 03165E56
                                            • GetCurrentThread.KERNEL32 ref: 03165E93
                                            • GetCurrentProcess.KERNEL32 ref: 03165ED0
                                            • GetCurrentThreadId.KERNEL32 ref: 03165F29
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: 495cee6dc1c412c73ecaa59066fceac88c0503308f4825149d02a53fdcb839b7
                                            • Instruction ID: 34f5e1a414cb16452e40bc620b94ec7a1318141923aec02a6b4b866e3e212afb
                                            • Opcode Fuzzy Hash: 495cee6dc1c412c73ecaa59066fceac88c0503308f4825149d02a53fdcb839b7
                                            • Instruction Fuzzy Hash: B75154B09002498FDB14DFAAD648BAEBFF2FF4D314F248459E009A72A0D7395984CB65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03165DD8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1080 3165dd8-3165e67 GetCurrentProcess 1084 3165e70-3165ea4 GetCurrentThread 1080->1084 1085 3165e69-3165e6f 1080->1085 1086 3165ea6-3165eac 1084->1086 1087 3165ead-3165ee1 GetCurrentProcess 1084->1087 1085->1084 1086->1087 1088 3165ee3-3165ee9 1087->1088 1089 3165eea-3165f05 call 3165fa8 1087->1089 1088->1089 1093 3165f0b-3165f3a GetCurrentThreadId 1089->1093 1094 3165f43-3165fa5 1093->1094 1095 3165f3c-3165f42 1093->1095 1095->1094
                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 03165E56
                                            • GetCurrentThread.KERNEL32 ref: 03165E93
                                            • GetCurrentProcess.KERNEL32 ref: 03165ED0
                                            • GetCurrentThreadId.KERNEL32 ref: 03165F29
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: cad9b65c29d989c15404e5de9a2229f9c996c625e2890fb1c982030acb7e0574
                                            • Instruction ID: e722d56e2441226c0d2695a73dc4292b40ac1008ff95d9b28c2640f78dc337e8
                                            • Opcode Fuzzy Hash: cad9b65c29d989c15404e5de9a2229f9c996c625e2890fb1c982030acb7e0574
                                            • Instruction Fuzzy Hash: 925156B09002098FDB14DFAAD648BAEFBF6FF49314F208459D009A7260D7755984CF65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021757 Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1164 3021757-3021775 1168 302177a-302177d 1164->1168 1169 3021786-302178a 1168->1169 1170 302177f 1168->1170 1181 30217ab 1169->1181 1182 302178c-3021795 1169->1182 1170->1169 1171 30218d0-30218d5 1170->1171 1172 3021a80-3021a85 1170->1172 1173 3021ac1-3021ac8 1170->1173 1174 3021a8a-3021aa1 1170->1174 1175 30218da-30218de 1170->1175 1176 30217eb 1170->1176 1177 302199b-302199e 1170->1177 1178 30217cf-30217e9 1170->1178 1179 302180d-3021810 1170->1179 1180 30219ed-3021a7d 1170->1180 1185 30217f8-30217fb 1171->1185 1172->1185 1216 3021aab-3021ab3 1174->1216 1186 30218e0-30218e9 1175->1186 1187 3021901 1175->1187 1176->1185 1198 30219a7-30219a9 1177->1198 1178->1168 1189 302181a-3021826 1179->1189 1180->1172 1188 30217ae-30217b0 1181->1188 1183 3021797-302179a 1182->1183 1184 302179c-302179f 1182->1184 1190 30217a9 1183->1190 1184->1190 1185->1179 1199 30217fd 1185->1199 1194 30218f0-30218fd 1186->1194 1195 30218eb-30218ee 1186->1195 1200 3021904-3021976 1187->1200 1191 30217b2 1188->1191 1192 30217b9-30217c0 1188->1192 1205 3021831-3021855 1189->1205 1190->1188 1203 30217b7 1191->1203 1201 30217c2-30217cd 1192->1201 1202 30217ee-30217f3 1192->1202 1204 30218ff 1194->1204 1195->1204 1211 30219b3-30219c5 call 316ff78 1198->1211 1199->1171 1199->1172 1199->1173 1199->1174 1199->1175 1199->1177 1199->1179 1199->1180 1234 3021978-302197e 1200->1234 1235 302198e-3021996 1200->1235 1201->1178 1201->1203 1202->1185 1203->1168 1204->1200 1226 3021860-3021871 1205->1226 1219 30219cd-30219d7 1211->1219 1225 3021aba-3021abc 1216->1225 1219->1202 1223 30219dd-30219e8 1219->1223 1223->1185 1225->1185 1229 3021879-30218b5 1226->1229 1242 30218b7-30218bd 1229->1242 1243 30218cd 1229->1243 1237 3021982-3021984 1234->1237 1238 3021980 1234->1238 1235->1185 1237->1235 1238->1235 1244 30218c1-30218c3 1242->1244 1245 30218bf 1242->1245 1243->1171 1244->1243 1245->1243
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: 0cb12e8400893db4da9a76a34c2dd9ca4c812321eb0d4ae98807bb5b5f7998ff
                                            • Instruction ID: f1ebb683550cb54f797a07665a84252e50fae2e91e823e0d245d911a16f2bd0e
                                            • Opcode Fuzzy Hash: 0cb12e8400893db4da9a76a34c2dd9ca4c812321eb0d4ae98807bb5b5f7998ff
                                            • Instruction Fuzzy Hash: 25718034B412189FDB189B78D855BAE7FF6AFC8700F248825E906AB394DE748C41DB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021804 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1287 3021804-302180b 1288 30217f3 1287->1288 1289 302180d-3021871 1287->1289 1290 30217f8-30217fb 1288->1290 1328 3021879-30218b5 1289->1328 1290->1289 1292 30217fd 1290->1292 1292->1289 1293 30218d0-30218d5 1292->1293 1294 3021a80-3021a85 1292->1294 1295 3021ac1-3021ac8 1292->1295 1296 3021a8a-3021ab3 1292->1296 1297 30218da-30218de 1292->1297 1298 302199b-30219c5 call 316ff78 1292->1298 1299 30219ed-3021a7d 1292->1299 1293->1290 1294->1290 1330 3021aba-3021abc 1296->1330 1301 30218e0-30218e9 1297->1301 1302 3021901 1297->1302 1323 30219cd-30219d7 1298->1323 1299->1294 1304 30218f0-30218fd 1301->1304 1305 30218eb-30218ee 1301->1305 1308 3021904-3021976 1302->1308 1310 30218ff 1304->1310 1305->1310 1339 3021978-302197e 1308->1339 1340 302198e-3021996 1308->1340 1310->1308 1326 30217ee 1323->1326 1327 30219dd-30219e8 1323->1327 1326->1288 1327->1290 1341 30218b7-30218bd 1328->1341 1342 30218cd 1328->1342 1330->1290 1344 3021982-3021984 1339->1344 1345 3021980 1339->1345 1340->1290 1346 30218c1-30218c3 1341->1346 1347 30218bf 1341->1347 1342->1293 1344->1340 1345->1340 1346->1342 1347->1342
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: 8f51ca4ffb91005dbfaee61499f6a624fa7e89aa8bc78d01e5a7d01951968e3d
                                            • Instruction ID: 4c1a0e08f0670275ffe6ba1d160d59e1af56e6163bb0c18690921b739b92e9a3
                                            • Opcode Fuzzy Hash: 8f51ca4ffb91005dbfaee61499f6a624fa7e89aa8bc78d01e5a7d01951968e3d
                                            • Instruction Fuzzy Hash: C6619234B402189FDB189B79C855BAE7BE6BFC8700F248925F906AB7D4DE748C01DB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021D68 Relevance: 2.6, Strings: 2, Instructions: 69COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1351 3021d68-3021d76 1352 3021d78-3021d7c 1351->1352 1353 3021d7d-3021d89 1351->1353 1352->1353 1354 3021dbc-3021dcf 1353->1354 1356 3021d8b-3021d8e 1354->1356 1357 3021d90 1356->1357 1358 3021d97-3021dba 1356->1358 1357->1354 1357->1358 1359 3021dd8-3021dfa 1357->1359 1360 3021e3e-3021e45 1357->1360 1361 3021e1d-3021e39 1357->1361 1358->1356 1371 3021e05-3021e18 1359->1371 1362 3021e47-3021e4f 1360->1362 1363 3021e5d-3021e61 1360->1363 1361->1356 1362->1363 1371->1356
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8aq$8aq
                                            • API String ID: 0-1589283582
                                            • Opcode ID: 48ea3b9463432a2dbd189c90f18ba2964cba02564f67fbff42a548ede372edd6
                                            • Instruction ID: 68cb810699d8064950a65f96906104ff11d090fa40e64d33d0b41d991377c21d
                                            • Opcode Fuzzy Hash: 48ea3b9463432a2dbd189c90f18ba2964cba02564f67fbff42a548ede372edd6
                                            • Instruction Fuzzy Hash: F421B431609261DFDB19DB6DDC40B6A7FA9EB81600B1544BAE502C72D4DA38CD02CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03163A08 Relevance: 1.7, APIs: 1, Instructions: 229COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(?), ref: 03163C8A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 3563770bc907528884bff882b048a53b647ae9880ac99d3554ef9aaae529671f
                                            • Instruction ID: 7a6d84afeb6842b5114983e8e8ee59e90596eb3b580cef22e46b9f69685408d0
                                            • Opcode Fuzzy Hash: 3563770bc907528884bff882b048a53b647ae9880ac99d3554ef9aaae529671f
                                            • Instruction Fuzzy Hash: FE913274A00B098FCB24DFA9D484B9ABBF5FF48304F08892AD45AE7760D734E955CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316A710 Relevance: 1.7, APIs: 1, Instructions: 182COMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0316A8D1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: e3be9242ef0cda8f2b1692a935fedadb6967e6c4c0fe7ba4ff75355872b3b4f5
                                            • Instruction ID: 5a32afbf87bab0ad2d900ed6f27d65fd22b0bfb54f7e191c0080ad1ecaf0af7d
                                            • Opcode Fuzzy Hash: e3be9242ef0cda8f2b1692a935fedadb6967e6c4c0fe7ba4ff75355872b3b4f5
                                            • Instruction Fuzzy Hash: 68716AB4D00218DFDF60CFA9C984A9DBBB1BF0A300F2491AAE418B7211D735AA85CF55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316A70F Relevance: 1.7, APIs: 1, Instructions: 180COMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0316A8D1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: 5e1995eee01b72f47dae779901eb74583c71de2031ef3159ffa5ead66f053ab6
                                            • Instruction ID: c3b48a64292605df30dd553ff481511154adac7596bd463387c861641cf94296
                                            • Opcode Fuzzy Hash: 5e1995eee01b72f47dae779901eb74583c71de2031ef3159ffa5ead66f053ab6
                                            • Instruction Fuzzy Hash: 677169B4D00218DFDF60CFA9C984A9DBBB1BF0A300F2491AAE418B7211D735AA85CF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FFC2FC Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 02FFDB39
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: a801fea8287444769ace4efc21d989852485974cbf036a1d65bc6ba005e79ebb
                                            • Instruction ID: 7e34eb3175d9f4fcffbc2b6310b1903367e4ea9e88e67b14038bd85d518dfdfe
                                            • Opcode Fuzzy Hash: a801fea8287444769ace4efc21d989852485974cbf036a1d65bc6ba005e79ebb
                                            • Instruction Fuzzy Hash: 6251E671D0021CCFDB61DFA8C940B9EBBB5BF4A304F10809AD609BB261DB756A85CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03166018 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                            Download Yara Rule
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 031660EB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: 9c8002da01a3f44c0d41b7f38a8568c364d35ca24ec4e59a9f919acfc83584a6
                                            • Instruction ID: 5588e76c172de67c0b38710bec03b0f7162fff79936e4c9f258dd979e6fb8515
                                            • Opcode Fuzzy Hash: 9c8002da01a3f44c0d41b7f38a8568c364d35ca24ec4e59a9f919acfc83584a6
                                            • Instruction Fuzzy Hash: 3D4176B9D002589FCB10CFA9D984ADEBBF5FB09310F14902AE918BB210D335A955CF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03166020 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                            Download Yara Rule
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 031660EB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: ca6a92bcfb3e99626a8e111540ad6ba2198f4ed3757bc3d5dbb15b0f5ffe303a
                                            • Instruction ID: 5cb5156700e055c3a53ba72bf664bc10ca0fc7abcbd3b780c905a1e3f2eb9778
                                            • Opcode Fuzzy Hash: ca6a92bcfb3e99626a8e111540ad6ba2198f4ed3757bc3d5dbb15b0f5ffe303a
                                            • Instruction Fuzzy Hash: 454146B9D002589FCB10CFA9D984ADEBBF5BB49310F14906AE918BB310D335A955CF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF8260 Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02FF830F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: d8919723e4a78353e768af5441e3e28283daf8e13c8b5624b74ec42e8b3586e7
                                            • Instruction ID: 9ebdd6ac67f5c3b80c0ed1d26fe9269f0857064a8b54f0e7cb0eb5606d424278
                                            • Opcode Fuzzy Hash: d8919723e4a78353e768af5441e3e28283daf8e13c8b5624b74ec42e8b3586e7
                                            • Instruction Fuzzy Hash: BF318AB5D002589FCB10CFA9D984AEEFBB1BF59310F24906AE914B7220D375A945CF64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 031633F8 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(?,?,?), ref: 03163FB2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 5a7d2b98004758e97a4f9280cc3d0e49fb0910f2e7dba15f6a0bc70f2996c850
                                            • Instruction ID: 12be373a7460aeff3317b5e9d47ad6167f51af135fb354b051ac1e80da470e90
                                            • Opcode Fuzzy Hash: 5a7d2b98004758e97a4f9280cc3d0e49fb0910f2e7dba15f6a0bc70f2996c850
                                            • Instruction Fuzzy Hash: 534199B8D042589FCB14CFAAD584A9EFBF5FB09310F14946AE828B7320D335A945CF95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03163F02 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(?,?,?), ref: 03163FB2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 472bba78da7a1a095a0e7a77f7f9dca840db1e04eea40e766370ddccd67f2772
                                            • Instruction ID: 6339ec41ed896c5cc28771d25d7557b9fa2e4b2376272ff412b2a38539fa6ece
                                            • Opcode Fuzzy Hash: 472bba78da7a1a095a0e7a77f7f9dca840db1e04eea40e766370ddccd67f2772
                                            • Instruction Fuzzy Hash: 124199B8D002589FCB14CFAAD584A9EFBF5BB09310F14946AE828B7320D335A945CF95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03169C24 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                            Download Yara Rule
                                            APIs
                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0316CF41
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: CallProcWindow
                                            • String ID:
                                            • API String ID: 2714655100-0
                                            • Opcode ID: 91e06a7fe4fde3a5d7b20db45f26bc3e78ea28b73a387bd317d2ba1cde4cddba
                                            • Instruction ID: aff88551ea408ef2fb94d93cd333fff6bfc1cfc2ae748907b8e97d6179577ea3
                                            • Opcode Fuzzy Hash: 91e06a7fe4fde3a5d7b20db45f26bc3e78ea28b73a387bd317d2ba1cde4cddba
                                            • Instruction Fuzzy Hash: C04129B49002058FCB14DF99C488AAAFBF9FF8C314F25C499E559A7325D774A841CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF8268 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02FF830F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: dd8162d1e8ae715f8e40687ff133ee6b64beb3c016a635c8010bd50b6b89a8d1
                                            • Instruction ID: 5b63855e7501b47c865f5ad59412358c4be7129f730a56ce791c38f53276811e
                                            • Opcode Fuzzy Hash: dd8162d1e8ae715f8e40687ff133ee6b64beb3c016a635c8010bd50b6b89a8d1
                                            • Instruction Fuzzy Hash: DE3179B9D042589FCB10CFA9D984ADEFBF5BF19310F24902AE918B7220D375A945CF64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03163BF8 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(?), ref: 03163C8A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 7478501b29750f6a7162e94984b4290ef968bc1913cea611b7f2e021a64c08fa
                                            • Instruction ID: e043648f7466e7a63173c0e5249d2795648d9f3a6fef5bae137a5e36a2cececd
                                            • Opcode Fuzzy Hash: 7478501b29750f6a7162e94984b4290ef968bc1913cea611b7f2e021a64c08fa
                                            • Instruction Fuzzy Hash: 5C319CB8D002599FCB14CFAAD584ADEFBF5AF49310F14906AE818B7320D335A945CFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302CDF4 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q
                                            • API String ID: 0-52440209
                                            • Opcode ID: 269b274abbfc83175ce2e4ae94112c23c0f3cfa239f2ed8493928c9add82a776
                                            • Instruction ID: 2c1cea27795df57ca22df390232502c22e4bf24d89ec8025baecc0b7ceece02c
                                            • Opcode Fuzzy Hash: 269b274abbfc83175ce2e4ae94112c23c0f3cfa239f2ed8493928c9add82a776
                                            • Instruction Fuzzy Hash: 9C51AD31B012168FCB15DFB9D8549AFBBFAEFC52207148969E45ADB351DB309C05CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 030247F0 Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q
                                            • API String ID: 0-1259897404
                                            • Opcode ID: 8c758bfc6324b1364a992f95f8c683e173f14aadc1f75e5c9a04e349704ab80f
                                            • Instruction ID: d2c387b0721e10d5ba0cb655acbc6b0a341fd4f683c4750bab1ccdab4bff5fad
                                            • Opcode Fuzzy Hash: 8c758bfc6324b1364a992f95f8c683e173f14aadc1f75e5c9a04e349704ab80f
                                            • Instruction Fuzzy Hash: C741BF30A1A665CBCB15CF6BC8412BEBBF4EF84301F09C56BD9AA9B681D338D541CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302E978 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te]q
                                            • API String ID: 0-52440209
                                            • Opcode ID: e9124706cc09acc43330bda50283660bc8a061f7ed4cf512763cde7671231a66
                                            • Instruction ID: 6245013c403e0ed66fbfeac1656e0217b15581062b619dcc8779f1385598e589
                                            • Opcode Fuzzy Hash: e9124706cc09acc43330bda50283660bc8a061f7ed4cf512763cde7671231a66
                                            • Instruction Fuzzy Hash: 9B114C31B0121A8BCB44EFB9D9105EEBAF6BFC8710B14407AC905E7244EB359D02CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D5A0 Relevance: .1, Instructions: 147COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d371ac049f440cc11200c10cbdc58586021e66c2cc70585893323c5358c8ed4d
                                            • Instruction ID: b5322d50e702228a20c6ccbb39ef9dab19176875a2ae7159d23171698304f647
                                            • Opcode Fuzzy Hash: d371ac049f440cc11200c10cbdc58586021e66c2cc70585893323c5358c8ed4d
                                            • Instruction Fuzzy Hash: A451B074A012189FDB04DFA9E894AEEBBF6FB88301F509129E805B7355DB38AD45CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D388 Relevance: .1, Instructions: 115COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a271710e535bb8b2c4b2f4f55f31ed8469aa20b667177943e82fe2bb4bbf7b04
                                            • Instruction ID: 5690f5ad5c6db9ee71e08468455aa93ff82bb3b727db877db5239567ad4a23df
                                            • Opcode Fuzzy Hash: a271710e535bb8b2c4b2f4f55f31ed8469aa20b667177943e82fe2bb4bbf7b04
                                            • Instruction Fuzzy Hash: 8641D078E112189FCB00DFA8D484AEEBBB1FB8C320F149569E810B7354D735A995CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D078 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46e45e6934e6bc1d5accbe215f639f2c36f7bc8547b62a559d09e6e7a6ad97c5
                                            • Instruction ID: bfa2f2e63d221c17487f63d035d364205d59a67533b3ad606886f03d56c06bef
                                            • Opcode Fuzzy Hash: 46e45e6934e6bc1d5accbe215f639f2c36f7bc8547b62a559d09e6e7a6ad97c5
                                            • Instruction Fuzzy Hash: 8A314775E002099FCB01DF98E880AEEBBB6FF88310F109569E914B7354D775AA40CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013AD1FC Relevance: .1, Instructions: 76COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006909628.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13ad000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cf0ce430de81c3c2f467942afe8b6d756e20073a564b100f663f277ee33f88dc
                                            • Instruction ID: 168ba88d5846ea6ee23a41217e6aeb851a12bd9843dc4e2661521117825765e0
                                            • Opcode Fuzzy Hash: cf0ce430de81c3c2f467942afe8b6d756e20073a564b100f663f277ee33f88dc
                                            • Instruction Fuzzy Hash: D3212871504204DFDB06DF98D9C4F26BF65FB88328F60C569ED090BA56C33AD416CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD01C Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006932731.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13bd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 97a7af49f15d6dd1e90f1330c783a0b3b909640164ac736e88a315f0340a7a7e
                                            • Instruction ID: d59d39310a7ac2785cd69375e126273b171432c716a87be436c62787ec66092c
                                            • Opcode Fuzzy Hash: 97a7af49f15d6dd1e90f1330c783a0b3b909640164ac736e88a315f0340a7a7e
                                            • Instruction Fuzzy Hash: DA210071604204DFCB15DFA8D9C0B26BF69FB8831CF20C569DA0A0BA56D33AD406CA61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD1D4 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006932731.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13bd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: facd5df9647dcd373d62cea542037f13220da99b6f38bcc198d6aa310ca954e0
                                            • Instruction ID: ce6a663b2a1b8492ff06aa39b884d96e639ae92e45d719c71a7259f6bea894d0
                                            • Opcode Fuzzy Hash: facd5df9647dcd373d62cea542037f13220da99b6f38bcc198d6aa310ca954e0
                                            • Instruction Fuzzy Hash: 2B21F571504244DFDB05DF98D5C0B66BB65FB8432CF20C56DDA094FA56D33AD406CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302C990 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3e0084783d27c305790f82c2abab04518d294fdb5dc163e732aa50e1b24df9e2
                                            • Instruction ID: 2012201635bb0528b337002f26d4289416ca49c3216e80ad49fa5a9bcdaa466f
                                            • Opcode Fuzzy Hash: 3e0084783d27c305790f82c2abab04518d294fdb5dc163e732aa50e1b24df9e2
                                            • Instruction Fuzzy Hash: BD31C274A10508DFD744DF9AE68599DBFF1FF88300B6180E5E848AB369DB31AE51EB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021C50 Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 44c4ffb4b0a346cecafe4274032afb3c1db759266f9e02168edcc3b1ab127b3b
                                            • Instruction ID: b5ae740b878a52961f9add2df0fc77369a78f1c1c9f8646019eb93340f27662b
                                            • Opcode Fuzzy Hash: 44c4ffb4b0a346cecafe4274032afb3c1db759266f9e02168edcc3b1ab127b3b
                                            • Instruction Fuzzy Hash: 8621D771B45254DFD3098F68C811769BFE6FB85300F14C6BAE115CB281DAB88C02CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021B63 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 39b019b5a6482406e0638affd13b92fcfd7b6982d20e3d410f20cddf88ba43ed
                                            • Instruction ID: 6aced70c3719bdaecf513faf324d90db4c5258c450ef4fa3dddcea9d99a60168
                                            • Opcode Fuzzy Hash: 39b019b5a6482406e0638affd13b92fcfd7b6982d20e3d410f20cddf88ba43ed
                                            • Instruction Fuzzy Hash: DF11027260A0248FD31ACA2ED8017B6BBE9EB84225F088673F456CB291E238C8418754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD006 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006932731.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13bd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7521e68b7b31e85a2a25bdaa80de6f7e5294d1d9180ea1734cfa7f49dfe2b356
                                            • Instruction ID: 964447c042a24df5bbdab7a36b0c66d3584d9452200c8cbdadd126252c06dc7a
                                            • Opcode Fuzzy Hash: 7521e68b7b31e85a2a25bdaa80de6f7e5294d1d9180ea1734cfa7f49dfe2b356
                                            • Instruction Fuzzy Hash: DF2180755083809FCB03CF64D9D4B11BF71EB46218F28C5DAD9498F6A7D33A981ACB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013AD1F7 Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006909628.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13ad000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d06fae078f3ccc2112caf8552f6b645ede566e603d6c7b0d9faf10800b04cc1c
                                            • Instruction ID: f9c77a281d77e07c651d933bc9fd695b589c4f8ff8be23ee2bbd06645c7fc332
                                            • Opcode Fuzzy Hash: d06fae078f3ccc2112caf8552f6b645ede566e603d6c7b0d9faf10800b04cc1c
                                            • Instruction Fuzzy Hash: 7D21AF76504240DFDB06CF54D9C4B16BF72FB88324F24C6A9DD490B656C33AD42ACBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013BD1CF Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006932731.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13bd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                            • Instruction ID: 3c724a2b4dd85c01845c03df75afd157deeb9bc2fefe3d0423b5920dc778d5fc
                                            • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                            • Instruction Fuzzy Hash: 0711BB75504280DFDB02CF54C5C4B15BFB1FB84228F24C6A9D9494F696C33AD40ACB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302CF28 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c82cb73405c2385dad59622031572b9a632068e29aa04615042825745a415afd
                                            • Instruction ID: 4c1aa97af48468aa176351d623ac11024addde8b33a7a338147616edf7e2b2ce
                                            • Opcode Fuzzy Hash: c82cb73405c2385dad59622031572b9a632068e29aa04615042825745a415afd
                                            • Instruction Fuzzy Hash: F0111674A10508DFC740DF98E0899ADBFF4FB88310F5280D4E884A3359CB30DAA4DB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013AD745 Relevance: .0, Instructions: 45COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006909628.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13ad000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 10bea98f3065fdb5b08fec6344878395863b9483e9026cbe1fdf0f65cce5f8f3
                                            • Instruction ID: ef2d45c1fbd7de75d70606b497851ba4271c26e30a5758417c65a2f8c40075ad
                                            • Opcode Fuzzy Hash: 10bea98f3065fdb5b08fec6344878395863b9483e9026cbe1fdf0f65cce5f8f3
                                            • Instruction Fuzzy Hash: 40012B310043849AE7248E99CD84B67FF9CEF46328F58C52AED090AA96D23B9841CA75
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020DAC Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14e716d89a72ace35b84241418e897b4d90de2e787b5bb400afd65dde31baac7
                                            • Instruction ID: de40a49f81a5dfcab0a719f3305c1beb31f599ec4efc960c8dd438f5633d32ed
                                            • Opcode Fuzzy Hash: 14e716d89a72ace35b84241418e897b4d90de2e787b5bb400afd65dde31baac7
                                            • Instruction Fuzzy Hash: C9F0AF75D0B358AFC752CB789844598BFB8EB1A300F4880DAD445CB262E235AA05CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 013AD744 Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2006909628.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_13ad000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 90efab36c2e7c53cc4dc33ca8a454522150160addb08164788ef941264386961
                                            • Instruction ID: 45f460bbbfbb8f08499405dc7d5117daef18af1ed307b7e9d64f0b7f0a8e427f
                                            • Opcode Fuzzy Hash: 90efab36c2e7c53cc4dc33ca8a454522150160addb08164788ef941264386961
                                            • Instruction Fuzzy Hash: 64F0F671404384AEE7248E1ACCC8B62FF98EF46734F18C55AED480B297C37A9840CBB4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302F578 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7d3492e42220de710ffa94ad2d6ad49e9feb1432a2297b05c6304248c1e96df8
                                            • Instruction ID: c348ae494e8f48ccaf5195fc83053f56ba67e733d72bf05aef9d7527825507e9
                                            • Opcode Fuzzy Hash: 7d3492e42220de710ffa94ad2d6ad49e9feb1432a2297b05c6304248c1e96df8
                                            • Instruction Fuzzy Hash: C6E06D727001286F9304DAAEDC84CABBBEDFBCD674361807AF508C7310DA319C01C6A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 030211F8 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eeb77d526d6e8a8a6625de1a60b79dd5f07d167e0546edec8328125d258f8c0c
                                            • Instruction ID: 380ba1ee76e9119cfb7dfe6fdc1d1e2439059f090ba445306abde5e215cde97d
                                            • Opcode Fuzzy Hash: eeb77d526d6e8a8a6625de1a60b79dd5f07d167e0546edec8328125d258f8c0c
                                            • Instruction Fuzzy Hash: E8F062708043099FCB1AEFB8C8406ADBFF0FF0A300F0085AAD814E7252E3705A52CB82
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020D18 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5acc464a1fe6703b5b58806ea6cc1451e740b6b1c541367236bdb9e0e71fc35
                                            • Instruction ID: 1909a7b7799cc4f129efaabe9ad17cb8681cfd2d3a11c52886fb4b683053cc90
                                            • Opcode Fuzzy Hash: f5acc464a1fe6703b5b58806ea6cc1451e740b6b1c541367236bdb9e0e71fc35
                                            • Instruction Fuzzy Hash: A8F0177490A3589FC742DFB8C8406ADBBB0AF09300F1441EAD814DB362E7729901DB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020D68 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6051330dc0f368203a400c22abccdfb8f3650cd1b40fd55fe85a557564a0291e
                                            • Instruction ID: c58334d4815f8f0c75dbcfee3d3379fc099e7b40e8a4c294235128dbb4d59f0f
                                            • Opcode Fuzzy Hash: 6051330dc0f368203a400c22abccdfb8f3650cd1b40fd55fe85a557564a0291e
                                            • Instruction Fuzzy Hash: DEF0F879D16308AFCB95DF78D84459CFFB4AB09710F4481DAD85497262E635A940CF41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D920 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bad953f82738e108fd6ba0cff89db5a92aa504ef02564e1a9f7132a8de1de536
                                            • Instruction ID: e694262250420982b8fd8149e56a2147ee460d61574b46c7293905f48679dbb7
                                            • Opcode Fuzzy Hash: bad953f82738e108fd6ba0cff89db5a92aa504ef02564e1a9f7132a8de1de536
                                            • Instruction Fuzzy Hash: 66E01A34909208EBCB45DF94D9419ADBF75FB89310F14C599FC1817351C7329A61EB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03021208 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ee83634b164d74f147334e2fd3c84a58203ee9745f83e10a32391cc04a7e43f4
                                            • Instruction ID: a3c8027dafaab80d08cdbda496ab56739fa19a34483cc87b58a9f87429ef4e7a
                                            • Opcode Fuzzy Hash: ee83634b164d74f147334e2fd3c84a58203ee9745f83e10a32391cc04a7e43f4
                                            • Instruction Fuzzy Hash: 81E0E5B0D01319EFCB44EFA8D8406AEBBF5FB08300F5086AAD818A3341E7719651DB85
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302B6D8 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e7ffdc27db6b4c23bd2e6ec66bfacae6d0475d8a97699b1d7c13f854b57ad3b
                                            • Instruction ID: 46b9da4277af55464e714e06736498b3adc06f99d18c7339e017e1c8075c13db
                                            • Opcode Fuzzy Hash: 9e7ffdc27db6b4c23bd2e6ec66bfacae6d0475d8a97699b1d7c13f854b57ad3b
                                            • Instruction Fuzzy Hash: B8E08675446118DFCB40EFA5D40599D7FEC9B8A201F008995A40597150EE354A00DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020D28 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 95b0bf380ec06341c40d4d7c684d52ff3dbdc1b0b7e1024392ac460767aaf414
                                            • Instruction ID: ff70002ee4aa2654237323bc34540bee4e96d77d61fdffecf418b3a1cc2ff7fd
                                            • Opcode Fuzzy Hash: 95b0bf380ec06341c40d4d7c684d52ff3dbdc1b0b7e1024392ac460767aaf414
                                            • Instruction Fuzzy Hash: 72E0C974D012189FCB44DFA8D8456ADBBF4FB08300F4045A9D81997321D7705940DB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D030 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a11880c9b4013c1efd5233f2bf4c25ad5379ba598d9fee9181db01de4959605f
                                            • Instruction ID: fe93a6e739decf7145327999e47e07941bfa7b51d3dcb83e75d2014b71afa08c
                                            • Opcode Fuzzy Hash: a11880c9b4013c1efd5233f2bf4c25ad5379ba598d9fee9181db01de4959605f
                                            • Instruction Fuzzy Hash: 58E01A34909108EBCB44DF94D8419ACBF75EB85310F10C599AC0417351C7329A52EB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302D558 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 97e08bd42bdd0af38c8fd8c4bc481699d13d402fbf1b685e82daaec974404c6e
                                            • Instruction ID: de809aa88ea8e1c61fc2d2b7d340fe6ca01b189e7fc1002daf23e73253d17ef1
                                            • Opcode Fuzzy Hash: 97e08bd42bdd0af38c8fd8c4bc481699d13d402fbf1b685e82daaec974404c6e
                                            • Instruction Fuzzy Hash: CDE08674905118EFC704DF94D4419ACFFB8EB85314F20C599EC0413341C7729E51DB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302CEE8 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52eda618d4438aea2ce868f20abca5ab0757cd065e3abbed778c3ded8b3fed54
                                            • Instruction ID: acb033ba4a655c0abc1c32bd6c1301ac0d0656c48fe52b7be5a8ad4244267df3
                                            • Opcode Fuzzy Hash: 52eda618d4438aea2ce868f20abca5ab0757cd065e3abbed778c3ded8b3fed54
                                            • Instruction Fuzzy Hash: FAE0C234909108DBC744DF94D4415ACFFB8EB85301F10C59CEC0813346CB329E02DB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020D78 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e95db993af73b7b85d0412e7d8e2a22d89baf250fe19c0ac2282baf03ee601af
                                            • Instruction ID: 9a0dc6b1aa794dd7443330c28f60c5da320e98ef8d63a896e8ce53b98cdaae08
                                            • Opcode Fuzzy Hash: e95db993af73b7b85d0412e7d8e2a22d89baf250fe19c0ac2282baf03ee601af
                                            • Instruction Fuzzy Hash: EDE09274E11208EFCB94DFA9D448A9CBBF4EB48711F4081EAD818D7361E735AA50CF81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022727 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a14f744d6ce7576f0801b491353756492b5a910a59fa185a2ef8dc1b574ec8f8
                                            • Instruction ID: c62a48869d7df6a2ef3292744d69e98cb6755bd45756f102c237fdb8e851cf80
                                            • Opcode Fuzzy Hash: a14f744d6ce7576f0801b491353756492b5a910a59fa185a2ef8dc1b574ec8f8
                                            • Instruction Fuzzy Hash: B2D02B7028CB54ABD775C964DD167327FBC6B81E00F1889AAE4048E1C1C7548440C311
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022728 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3e58db321dcccf256bb14f7566f6e1a881dddde359918ef216de276ec0762bbe
                                            • Instruction ID: 0a79fd7fa941e4a60b4e17d80c0270bb3d6af51f12b1da683ae806d5c8a3c953
                                            • Opcode Fuzzy Hash: 3e58db321dcccf256bb14f7566f6e1a881dddde359918ef216de276ec0762bbe
                                            • Instruction Fuzzy Hash: 41D0A7303CCB14FBF57899A5DD16F327EACA780F50F54C425F6055D2C09995A841C71A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03023F18 Relevance: .0, Instructions: 2COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d0dce3a21b3d78e814b897c679bee2d99b9425718b5ede17c16bc5d450c411f9
                                            • Instruction ID: c80e7e210b58447fefad6e33ca9a9d4c554ae0e1b971f71b99b4508adeea8a60
                                            • Opcode Fuzzy Hash: d0dce3a21b3d78e814b897c679bee2d99b9425718b5ede17c16bc5d450c411f9
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0302B728 Relevance: 6.0, Strings: 4, Instructions: 1042COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TJbq$Te]q$paq$xb`q
                                            • API String ID: 0-4160082283
                                            • Opcode ID: aae6351581515cf0a4b7ee43e9f07340fe19dfb14bd3f091b585a8246ef119a0
                                            • Instruction ID: 1dcc420f6c359ca56d655f0fa2f2ebc6a282e394f56073d124e19f1ee7256019
                                            • Opcode Fuzzy Hash: aae6351581515cf0a4b7ee43e9f07340fe19dfb14bd3f091b585a8246ef119a0
                                            • Instruction Fuzzy Hash: 52B2C075A01628CFDB64CF69C984ADDBBB2FF89304F1581E9D509AB225DB319E81CF40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5790 Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TX|H$TX|H
                                            • API String ID: 0-1857769368
                                            • Opcode ID: cec1a364d79f1a3b5cde1ffe8d756c714cff31f3bbd8ee7e9206154182f20103
                                            • Instruction ID: 5e3edddc46300cebae65b9ddf0c06cd6cfa21fbebff17899592c9f2c47c0b65b
                                            • Opcode Fuzzy Hash: cec1a364d79f1a3b5cde1ffe8d756c714cff31f3bbd8ee7e9206154182f20103
                                            • Instruction Fuzzy Hash: 71711275E0521DCFCB58CFAAC5849DEFBF2EF88250F64942AD605BB224D3349A01CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020006 Relevance: 2.6, Strings: 2, Instructions: 103COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: }[v$}[v
                                            • API String ID: 0-380025706
                                            • Opcode ID: 41f87721766e139fe9357414133f8e720c5cdd932a2b0951994b613bbe24cd1f
                                            • Instruction ID: 0e2188b4201db9c060ab3e0a6e524f58e722e9ec6b9b9a1ac914dc7c902eb14a
                                            • Opcode Fuzzy Hash: 41f87721766e139fe9357414133f8e720c5cdd932a2b0951994b613bbe24cd1f
                                            • Instruction Fuzzy Hash: FF417F70E063598FDB49CF6AC99069EBFF2AF8A200F18C5ABD404EB256D7345905CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020040 Relevance: 2.6, Strings: 2, Instructions: 88COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: }[v$}[v
                                            • API String ID: 0-380025706
                                            • Opcode ID: b08bd62de62bb687f6f64c2dbb5bb15484aa4d6012781d574c0037e7bf4d8094
                                            • Instruction ID: e400b457a445c13b4422ef9533c7b21848b327b1ae008788a3e01c859957329b
                                            • Opcode Fuzzy Hash: b08bd62de62bb687f6f64c2dbb5bb15484aa4d6012781d574c0037e7bf4d8094
                                            • Instruction Fuzzy Hash: A8311B70E122299BDB58CFAAD9806DEFBF6BFC8210F14C56AD408A7254E7345A018F61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 030249CF Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q
                                            • API String ID: 0-1259897404
                                            • Opcode ID: 9b0f9692da9ad6686feee99667ecc39edeca515dc6c248a823bd24eb66dbeedd
                                            • Instruction ID: 422deeaaf3998da15145b86f707aee5d1e67f4fc92771389c369068f97215a47
                                            • Opcode Fuzzy Hash: 9b0f9692da9ad6686feee99667ecc39edeca515dc6c248a823bd24eb66dbeedd
                                            • Instruction Fuzzy Hash: 25613C70A142098FD748EFAEE895A9ABFF6FFC4300F14C579D4059B264EB385809DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 030249E0 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q
                                            • API String ID: 0-1259897404
                                            • Opcode ID: f1961cfabcd8d4a0d72d5e886797401d77e9f8e3a42759e3a82201b69be06b79
                                            • Instruction ID: 1ec89933ce6d0f5525862382616f7481df0bece25de2f1e17048504f35c9f2d1
                                            • Opcode Fuzzy Hash: f1961cfabcd8d4a0d72d5e886797401d77e9f8e3a42759e3a82201b69be06b79
                                            • Instruction Fuzzy Hash: 4E613970A142098FD748EFAEE895A9ABFF6FFC8300F14C579D4059B264EB385809DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 031689D8 Relevance: .3, Instructions: 315COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 191f105dccbfdc6d2c59d9a4228ec7cb6b1b74cbdda2e98c5fb96caf097c7c38
                                            • Instruction ID: aac5afd0f706c2f317125f204e9424bf55fe9a0ba2ca0b6a06c9de59bec43a58
                                            • Opcode Fuzzy Hash: 191f105dccbfdc6d2c59d9a4228ec7cb6b1b74cbdda2e98c5fb96caf097c7c38
                                            • Instruction Fuzzy Hash: 1212C7B04197468BE718EF25ED4C1893BB6B74A32CF50420AD2712B2E9DBF415CADF64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316F9F3 Relevance: .3, Instructions: 301COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e3f9b21e01cf48960644161bacdfd277e0f1fa39a641f705c945981ea06786cf
                                            • Instruction ID: 4376ea67e67d6686c12805165aa3b99156d97be5a504909d2ca2dd39f29b3d13
                                            • Opcode Fuzzy Hash: e3f9b21e01cf48960644161bacdfd277e0f1fa39a641f705c945981ea06786cf
                                            • Instruction Fuzzy Hash: 4AE1163181475A8ACB11EFA8D994ADDB771FF99300F10C7AAD1097B221EB706AC9CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020641 Relevance: .3, Instructions: 274COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bbc896166f48d9b31474ac59e82df4d92941a2ba4a181d2dcddb43dc0c0d89c9
                                            • Instruction ID: 08514ed29171b82cf424cc63a9a8790e2f6536f976acd803c8723c868e3d8631
                                            • Opcode Fuzzy Hash: bbc896166f48d9b31474ac59e82df4d92941a2ba4a181d2dcddb43dc0c0d89c9
                                            • Instruction Fuzzy Hash: 9CC15C74E152698FCB14CFA9C9809AEFBF2FF89300F28C5A9D854A7216D7309941CF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 031669BC Relevance: .3, Instructions: 264COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1af89aa3a21769a711f6e9645d2b2972cd7bec00e5b3e7919f14df38f3db53dc
                                            • Instruction ID: f75a3c98e75a98d58fe0d8940b0cd2d32c5e14b926d39a214defbab072b72802
                                            • Opcode Fuzzy Hash: 1af89aa3a21769a711f6e9645d2b2972cd7bec00e5b3e7919f14df38f3db53dc
                                            • Instruction Fuzzy Hash: 50A16F36E007158FCF09DFB4C84449EB7B6FF89300B19856AE806BB265DB71D965CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316FA40 Relevance: .3, Instructions: 264COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 004f74e8da68be077339b049055993c2ff285c72e0e2c03440b632997f1d4527
                                            • Instruction ID: 5166ed497db0dc8a14ad4cba1ea031fb2044a2956a02a5cfdd502880e15d1308
                                            • Opcode Fuzzy Hash: 004f74e8da68be077339b049055993c2ff285c72e0e2c03440b632997f1d4527
                                            • Instruction Fuzzy Hash: EED1C575C1075A8ACB11EF68D994ADDB771FF99300F10C7AAD1097B220EB706AC9CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03020688 Relevance: .3, Instructions: 258COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 50d3b0969e296bdc8ea03ba6aa858f480b973680fb021e9761377d2abc1a4236
                                            • Instruction ID: fbacf6a7fb61a1d6168b58075ed60e14c97a33ba291dd5dc8427e35156495b02
                                            • Opcode Fuzzy Hash: 50d3b0969e296bdc8ea03ba6aa858f480b973680fb021e9761377d2abc1a4236
                                            • Instruction Fuzzy Hash: 45B13974E112299BCB54CFA9C980AAEFBF2FB89300F24D569D819A7315D7309E41CF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316E5BB Relevance: .3, Instructions: 257COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1d55d88ed4d0e72fc193cdc0df999b99d5b2c04fb20ae48918869dcc63d3d8d6
                                            • Instruction ID: b0a5678d252547c5a2dbe22391f9e057d169aad7a09d514ecda4929b918e9c5f
                                            • Opcode Fuzzy Hash: 1d55d88ed4d0e72fc193cdc0df999b99d5b2c04fb20ae48918869dcc63d3d8d6
                                            • Instruction Fuzzy Hash: DB918639A043598FCB02DFF4CA609DDBFB5AF4A300F194296D045AF161DB309D55CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 031689C8 Relevance: .2, Instructions: 226COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ef4daff9e97ec0f58c5a2d88706e1fb0ca3ecf21ccd7b2b591388b154aea823
                                            • Instruction ID: e470f7817c849406136c314bd4e0e1c671a4b654014ee3ee5b6c46c4daecee01
                                            • Opcode Fuzzy Hash: 3ef4daff9e97ec0f58c5a2d88706e1fb0ca3ecf21ccd7b2b591388b154aea823
                                            • Instruction Fuzzy Hash: F6C11AB04187468BD718EF65ED4C1897BB6FB8A32CF50420AD1616B2E9DBF414CACF64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF4358 Relevance: .2, Instructions: 184COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6768689e7bc8001822b471fb49f4f132c5e67ff89bb3f0e6ff3e80e9bafc78b2
                                            • Instruction ID: e25285124c15046860fbda3754d6d3594651b31b140783353e557ab77d5ffb95
                                            • Opcode Fuzzy Hash: 6768689e7bc8001822b471fb49f4f132c5e67ff89bb3f0e6ff3e80e9bafc78b2
                                            • Instruction Fuzzy Hash: 9A81CF75E102198FCB44CFA9D58499EFBF2FF88350F14956AE619AB221D334AA42CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF4349 Relevance: .2, Instructions: 181COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 426ed0f0bcd9d1f3b744b3c5b69420cfcc3b208f6abdc3137d0e3efa923b8eb3
                                            • Instruction ID: 551264cf7f34e9c10246de476c0f70a0f57b6fbe5ba6112c3efad26b80c9dff4
                                            • Opcode Fuzzy Hash: 426ed0f0bcd9d1f3b744b3c5b69420cfcc3b208f6abdc3137d0e3efa923b8eb3
                                            • Instruction Fuzzy Hash: 8281F075A10209CFCB44CFA9C68499EFBF2FF88350F14956AE615AB221D334EA42CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF1FA9 Relevance: .2, Instructions: 180COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60e2d004f231df2a93cf2064cecacf11dbf398819179eedfd15990e8d38c2d5e
                                            • Instruction ID: ff89d65713825274be932e456fdf5d82d016b8b3df50b64deb0e5893976a3cb8
                                            • Opcode Fuzzy Hash: 60e2d004f231df2a93cf2064cecacf11dbf398819179eedfd15990e8d38c2d5e
                                            • Instruction Fuzzy Hash: AD713671E0520ADFDB44CF99D4819AEFBB2FF89350F10912ADA15A7728D334AA41CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5780 Relevance: .2, Instructions: 175COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f308149f191019501c88999e5a370995441474eb9b85eff7391a99f57b071cc0
                                            • Instruction ID: 93f367738dad45a3aaf37239e2e0cc3bc67423c0fd6c16c51032174061ede3f6
                                            • Opcode Fuzzy Hash: f308149f191019501c88999e5a370995441474eb9b85eff7391a99f57b071cc0
                                            • Instruction Fuzzy Hash: 0E712475E0521DCFCB58CFA9C5849DEFBF2EF89250F24942AD605BB264D3349A01CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF4EE0 Relevance: .2, Instructions: 166COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fd39a54925080d7d3436bb425a16bf3317d04ab951ad330a16483229619cd0a
                                            • Instruction ID: 5ea812a0d784a2b8e6cc2f6909c3e0966a0595afa9ad7e244bce8aa2747114cd
                                            • Opcode Fuzzy Hash: 7fd39a54925080d7d3436bb425a16bf3317d04ab951ad330a16483229619cd0a
                                            • Instruction Fuzzy Hash: 497128B4E1420ACFCB44CF99D4809AEFBB1FF48350F559516D615AB354D330AA82CFA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF4ED0 Relevance: .2, Instructions: 162COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 74622282e0e5cc2a6a56452d17261b75878b5c3548afc7ac0fd5469ddd1e6906
                                            • Instruction ID: f6a0574b0f72088cb4a076e004de47d484bce953c0acfb7ee1676500e106be81
                                            • Opcode Fuzzy Hash: 74622282e0e5cc2a6a56452d17261b75878b5c3548afc7ac0fd5469ddd1e6906
                                            • Instruction Fuzzy Hash: AD614874E0420ACFCB44CF99D4809AEFBB2FF88350F159516D615AB365D334AA82CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03024D68 Relevance: .1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c34ee4149183e12ffe2efda1972cbb9762e8fe9c8987d22ff5c5441c386fb1de
                                            • Instruction ID: faca0c72c0e6d45ce4a64dc0958107676114beb1fbb060074f10160feba0f0dd
                                            • Opcode Fuzzy Hash: c34ee4149183e12ffe2efda1972cbb9762e8fe9c8987d22ff5c5441c386fb1de
                                            • Instruction Fuzzy Hash: 4F5162B5D016288FEB68CF2AD94479DFAF3AFC8200F14C1EAD44DA7264DB755A958F00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5A10 Relevance: .1, Instructions: 116COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dd7db4ae9382b2293c0c40e4a90984eb7aa6ff6717f824ed5711749d437e55ca
                                            • Instruction ID: 893bb244f3219c7dbc7a7dc2aa5f182fc94e9625e69baa3ad0f48564d8c18bff
                                            • Opcode Fuzzy Hash: dd7db4ae9382b2293c0c40e4a90984eb7aa6ff6717f824ed5711749d437e55ca
                                            • Instruction Fuzzy Hash: 1D411C71E0120ADFCB44CFA9C5815AEFBF2BF88340F64D46AC615E7254D3309A51CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5A20 Relevance: .1, Instructions: 114COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 77289fa2fe3a31b17fb048586fc5ed0286fd4c668429d80cfc6cb5959311203b
                                            • Instruction ID: d0d05bd8f2fe83884d49bfbd4dfb81a3066e212355776bbcca8e29264fed482b
                                            • Opcode Fuzzy Hash: 77289fa2fe3a31b17fb048586fc5ed0286fd4c668429d80cfc6cb5959311203b
                                            • Instruction Fuzzy Hash: B3410CB1E0520ADFCB48CFA9C5815AEFBF2BF88340F64D469C615B7218E3349A51CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5C08 Relevance: .1, Instructions: 114COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7a1853778299cfcb4505ce1f064ac9838be03c7810b6f5c54e9888446b43e4d8
                                            • Instruction ID: b1f1f17317dbc790a577a696d90c4841e83458a0faa9271e80c1a3b70e17de02
                                            • Opcode Fuzzy Hash: 7a1853778299cfcb4505ce1f064ac9838be03c7810b6f5c54e9888446b43e4d8
                                            • Instruction Fuzzy Hash: 0C417D71E016188BDB68CF6B8D4579DFBF3AFC9301F14C1BA850DAA225EB341A458F15
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF55F8 Relevance: .1, Instructions: 103COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60952856c2d11628d29425aa3903aea6b3b9ba94242753003a9b03eab275368b
                                            • Instruction ID: 563910b72a07298c227733694df6c8063fb2e14187d370aa491c5bb4ea8ced28
                                            • Opcode Fuzzy Hash: 60952856c2d11628d29425aa3903aea6b3b9ba94242753003a9b03eab275368b
                                            • Instruction Fuzzy Hash: A241F8B1E0560A9FCB44CFAAC5805AEFBF2BF89300F54C06AD625A7254D7349A42CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02FF5608 Relevance: .1, Instructions: 101COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007517249.0000000002FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2ff0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ff30844402e5bc220952b3ef0704d84c226cc545d0b318ee4b6a73b985c08807
                                            • Instruction ID: 2b9658de92b192ca718471f1b0c244da6bea433c1ea04d73ef4707fd8b7151bf
                                            • Opcode Fuzzy Hash: ff30844402e5bc220952b3ef0704d84c226cc545d0b318ee4b6a73b985c08807
                                            • Instruction Fuzzy Hash: 4441F5B1E0060ADFCB44CFAAC5805AEFBF2AF88340F64C069D625B7254D7349A42CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0316B648 Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14af75279448c060359e01b44649260bec4e1a27c8ce0c30b5a7c28d57ca5bf9
                                            • Instruction ID: 3436cf62ad3785980bd949fb12fd92800626491b03bc83f107508daea1512703
                                            • Opcode Fuzzy Hash: 14af75279448c060359e01b44649260bec4e1a27c8ce0c30b5a7c28d57ca5bf9
                                            • Instruction Fuzzy Hash: 2131BCB8D052089FCB14CFAAE584ADEFBF5BB49310F24902AE808B7310D335A945CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03169B6C Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2008218535.0000000003160000.00000040.00000800.00020000.00000000.sdmp, Offset: 03160000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3160000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f41992979553b6351f6a5d9607bef2141301927c38a28c03d83923993713f4d4
                                            • Instruction ID: 3a94eca74d7c34b49ec7121fc636851a04d0ffe174bcfb2541fee42e2cbde89d
                                            • Opcode Fuzzy Hash: f41992979553b6351f6a5d9607bef2141301927c38a28c03d83923993713f4d4
                                            • Instruction Fuzzy Hash: 793199B8D052589FCB14CFAAE584ADEFBF5BB49310F24902AE808B7310D375A945CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03024D59 Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 83e954eac1ed09e9812621df134ae2b18cc38b03488a60be2baf7ed725c27635
                                            • Instruction ID: db892ba55588f6fdc7958a6ae6c500e460094b6e45c3f7e606c9fda3bd952056
                                            • Opcode Fuzzy Hash: 83e954eac1ed09e9812621df134ae2b18cc38b03488a60be2baf7ed725c27635
                                            • Instruction Fuzzy Hash: 6A3189B1D016588BEB68CF6BD94478EFAF7AFC8304F14C1BAC40CAA254DB7509958F40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302F180 Relevance: .1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e5e067c6b19753dde1e3320162d8026fb5b2bf3040994de3d3c166a6a85bd5a1
                                            • Instruction ID: b5a36a455c60d509e9a4d3d71f06c317023ee4322486824cf86fcd7cd85bd376
                                            • Opcode Fuzzy Hash: e5e067c6b19753dde1e3320162d8026fb5b2bf3040994de3d3c166a6a85bd5a1
                                            • Instruction Fuzzy Hash: 46317DB8D05219EFCB14CFA9D884AAEBFF2BB49350F249129E814B7350D3349985CF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0302F3D8 Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
                                            • Instruction ID: 77c4f7170879d22b3dc40d329b09000825c5cde77b1bc784bd55fc834ff7ac38
                                            • Opcode Fuzzy Hash: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
                                            • Instruction Fuzzy Hash: 2DF042B5D0520D9F8F04DFA9D5418EEFBF2AB59310F10A16AE814B3314E73599518FA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03022150 Relevance: 6.5, Strings: 5, Instructions: 267COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2007544499.0000000003020000.00000040.00000800.00020000.00000000.sdmp, Offset: 03020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_3020000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$$]q$$]q$$]q
                                            • API String ID: 0-527398971
                                            • Opcode ID: 1915268ce0452ae925787a6c92c808ab446b0d5a7c2008657a7e0c9dadd59c02
                                            • Instruction ID: 2869f7d256fdb32a1bd060bee4cf5b7f92086d63323f42107b69e86289efe8ee
                                            • Opcode Fuzzy Hash: 1915268ce0452ae925787a6c92c808ab446b0d5a7c2008657a7e0c9dadd59c02
                                            • Instruction Fuzzy Hash: 59B10970E01129DFCB94CFD8C580AADBBF6FF98300F158965E456AB654DB34E881CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Execution Graph

                                            Execution Coverage:12.6%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:19
                                            Total number of Limit Nodes:2
                                            execution_graph 28228 2e47ef8 28229 2e47f3c CheckRemoteDebuggerPresent 28228->28229 28230 2e47f7e 28229->28230 28231 2e40848 28233 2e4084e 28231->28233 28232 2e4091b 28233->28232 28235 2e41392 28233->28235 28237 2e413a6 28235->28237 28236 2e414d4 28236->28233 28237->28236 28240 2e4b384 28237->28240 28244 2e4b390 28237->28244 28242 2e4b390 28240->28242 28241 2e4b46a 28241->28237 28242->28241 28248 2e4ae4c 28242->28248 28246 2e4b3af 28244->28246 28245 2e4b46a 28245->28237 28246->28245 28247 2e4ae4c MoveFileA 28246->28247 28247->28245 28249 2e4b7d0 MoveFileA 28248->28249 28251 2e4b86f 28249->28251 28251->28241

                                            Executed Functions

                                            Function 06EA60A8 Relevance: 8.4, Strings: 6, Instructions: 934COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-3723351465
                                            • Opcode ID: ae31d28cbea8f9d92eac392e4f964b1744c476137b776f36497b4d48c0e9c8d1
                                            • Instruction ID: 98a0c26dc1d9da7617bed0387a100703ff2cea14cf934390f6ce22bc53159237
                                            • Opcode Fuzzy Hash: ae31d28cbea8f9d92eac392e4f964b1744c476137b776f36497b4d48c0e9c8d1
                                            • Instruction Fuzzy Hash: C6827B30E107098FCB54DF64C994A9DB7B2FF85304F54DAA9D409AB265EB34ED85CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02E47EF8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 772 2e47ef8-2e47f7c CheckRemoteDebuggerPresent 774 2e47f85-2e47fc0 772->774 775 2e47f7e-2e47f84 772->775 775->774
                                            APIs
                                            • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02E47F6F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248954917.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_2e40000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: CheckDebuggerPresentRemote
                                            • String ID: =V#4
                                            • API String ID: 3662101638-3559468726
                                            • Opcode ID: 5efe8e49f8bc978e95151240d4040214cd0d586e075a963ca8f0688937bc0ac4
                                            • Instruction ID: 3fdfc83f83b4031c20cf05934b7e23780aa69d129c0521d5cabb007ed0db2124
                                            • Opcode Fuzzy Hash: 5efe8e49f8bc978e95151240d4040214cd0d586e075a963ca8f0688937bc0ac4
                                            • Instruction Fuzzy Hash: 092137B18012598FCB10CF9AD484BEEFBF4EF49310F14845AE459B3250D778A944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAB320 Relevance: 3.0, Strings: 2, Instructions: 474COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 798 6eab320-6eab33e 799 6eab340-6eab343 798->799 800 6eab366-6eab369 799->800 801 6eab345-6eab361 799->801 802 6eab36b-6eab379 800->802 803 6eab380-6eab383 800->803 801->800 810 6eab37b 802->810 811 6eab3c6-6eab3dc 802->811 804 6eab3a4-6eab3a7 803->804 805 6eab385-6eab39f 803->805 808 6eab3a9-6eab3b3 804->808 809 6eab3b4-6eab3b6 804->809 805->804 813 6eab3b8 809->813 814 6eab3bd-6eab3c0 809->814 810->803 818 6eab3e2-6eab3eb 811->818 819 6eab5f7-6eab601 811->819 813->814 814->799 814->811 820 6eab602-6eab608 818->820 821 6eab3f1-6eab40e 818->821 824 6eab60a-6eab637 820->824 825 6eab58b-6eab5c6 820->825 829 6eab5e4-6eab5f1 821->829 830 6eab414-6eab43c 821->830 827 6eab639-6eab63c 824->827 873 6eab5d2-6eab5de 825->873 831 6eab642-6eab651 827->831 832 6eab871-6eab874 827->832 829->818 829->819 830->829 854 6eab442-6eab44b 830->854 842 6eab653-6eab66e 831->842 843 6eab670-6eab6b4 831->843 833 6eab876-6eab892 832->833 834 6eab897-6eab89a 832->834 833->834 835 6eab8a0-6eab8ac 834->835 836 6eab945-6eab947 834->836 845 6eab8b7-6eab8b9 835->845 840 6eab949 836->840 841 6eab94e-6eab951 836->841 840->841 841->827 848 6eab957-6eab960 841->848 842->843 857 6eab6ba-6eab6cb 843->857 858 6eab845-6eab85a 843->858 851 6eab8bb-6eab8c1 845->851 852 6eab8d1-6eab8d5 845->852 855 6eab8c3 851->855 856 6eab8c5-6eab8c7 851->856 859 6eab8e3 852->859 860 6eab8d7-6eab8e1 852->860 854->820 862 6eab451-6eab46d 854->862 855->852 856->852 871 6eab830-6eab83f 857->871 872 6eab6d1-6eab6ee 857->872 858->832 865 6eab8e8-6eab8ea 859->865 860->865 862->873 874 6eab473-6eab49d 862->874 868 6eab8fb-6eab934 865->868 869 6eab8ec-6eab8ef 865->869 868->831 890 6eab93a-6eab944 868->890 869->848 871->857 871->858 872->871 884 6eab6f4-6eab7ea call 6ea9b48 872->884 873->829 873->854 888 6eab5c8-6eab5cd 874->888 889 6eab4a3-6eab4cb 874->889 932 6eab7f8 884->932 933 6eab7ec-6eab7f6 884->933 888->873 889->888 896 6eab4d1-6eab4ff 889->896 896->888 901 6eab505-6eab50e 896->901 901->888 903 6eab514-6eab546 901->903 911 6eab548-6eab54c 903->911 912 6eab551-6eab56d 903->912 911->888 913 6eab54e 911->913 912->873 914 6eab56f-6eab58a call 6ea9b48 912->914 913->912 914->825 934 6eab7fd-6eab7ff 932->934 933->934 934->871 935 6eab801-6eab806 934->935 936 6eab808-6eab812 935->936 937 6eab814 935->937 938 6eab819-6eab81b 936->938 937->938 938->871 939 6eab81d-6eab829 938->939 939->871
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: f7a174a033750d4ce0999919dd67b7ebe336de0a5059ee3ec2faf0113884e144
                                            • Instruction ID: 0fbfedf1b6da5edc88b53f4141ea52125c9abd41e27fbd363287532be92079c3
                                            • Opcode Fuzzy Hash: f7a174a033750d4ce0999919dd67b7ebe336de0a5059ee3ec2faf0113884e144
                                            • Instruction Fuzzy Hash: B3026B30B1030A9FDB58DF68D590AAEB7A6FF84304F148529D409AF394DB35EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA0040 Relevance: 2.7, Instructions: 2722COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 565f7352d5cf8fe4dc773c3ac8c5ada9775938c2947c10610f673b184acbb9dd
                                            • Instruction ID: 6e1036151c4c742b4a0b29789bf8dbb6d0184a0bfcce7a214dec3219bcb0cdce
                                            • Opcode Fuzzy Hash: 565f7352d5cf8fe4dc773c3ac8c5ada9775938c2947c10610f673b184acbb9dd
                                            • Instruction Fuzzy Hash: 3B53E631C10B1A8ACB51EF68C8905A9F7B1FF99300F15D79AE4587B121FB70AAD5CB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA0021 Relevance: 2.3, Instructions: 2312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 39f1519d6fbafc7f839fee43b2a5793630c47074159a11106032c32a7ccac576
                                            • Instruction ID: 096027caf8f88bb6b6bfcbdb5c3cd40beb6a8ed46f13aa6c63470a4d6c4d022c
                                            • Opcode Fuzzy Hash: 39f1519d6fbafc7f839fee43b2a5793630c47074159a11106032c32a7ccac576
                                            • Instruction Fuzzy Hash: 6443E531C10B1A8ACB51EF68C8945A9F7B1FF99300F15D79AE4587B121EB70AAD4CF81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAE7C8 Relevance: .6, Instructions: 569COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75c8b2ff99e1c1b83ec2217bf95464c381a83b2f7594882f78584ab9d59215e6
                                            • Instruction ID: e209f6b6f8247244b98efec666bbf7e3de52edf0d4f2d764464636324d2190ad
                                            • Opcode Fuzzy Hash: 75c8b2ff99e1c1b83ec2217bf95464c381a83b2f7594882f78584ab9d59215e6
                                            • Instruction Fuzzy Hash: DA226C30E003099FDBA4CB68D5947AEB7B6FB85314F249925E409EF391DA38EC81DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAE260 Relevance: 10.4, Strings: 8, Instructions: 395COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 6eae260-6eae27e 1 6eae280-6eae283 0->1 2 6eae289-6eae28c 1->2 3 6eae47d-6eae486 1->3 4 6eae28e-6eae297 2->4 6 6eae2a6-6eae2a9 2->6 3->4 5 6eae48c-6eae496 3->5 7 6eae29d-6eae2a1 4->7 8 6eae497-6eae4a8 4->8 9 6eae2ab-6eae2c7 6->9 10 6eae2cc-6eae2cf 6->10 7->6 19 6eae4aa-6eae4ce 8->19 20 6eae455-6eae473 8->20 9->10 11 6eae2df-6eae2e2 10->11 12 6eae2d1-6eae2da 10->12 13 6eae2ec-6eae2ef 11->13 14 6eae2e4-6eae2e9 11->14 12->11 17 6eae309-6eae30c 13->17 18 6eae2f1-6eae304 13->18 14->13 21 6eae30e-6eae31b 17->21 22 6eae320-6eae323 17->22 18->17 23 6eae4d0-6eae4d3 19->23 56 6eae47a 20->56 21->22 27 6eae334-6eae336 22->27 28 6eae325-6eae329 22->28 29 6eae4e0-6eae4e3 23->29 30 6eae4d5-6eae4d9 23->30 35 6eae338 27->35 36 6eae33d-6eae340 27->36 28->5 32 6eae32f 28->32 37 6eae4f2-6eae4f5 29->37 38 6eae4e5 29->38 33 6eae4db 30->33 34 6eae531-6eae56c 30->34 32->27 33->29 50 6eae75f-6eae772 34->50 51 6eae572-6eae57e 34->51 35->36 36->1 39 6eae346-6eae36a 36->39 40 6eae502-6eae505 37->40 41 6eae4f7-6eae501 37->41 126 6eae4e5 call 6eae7c8 38->126 127 6eae4e5 call 6eae7b8 38->127 39->56 60 6eae370-6eae37f 39->60 44 6eae528-6eae52b 40->44 45 6eae507-6eae523 40->45 43 6eae4eb-6eae4ed 43->37 44->34 49 6eae794-6eae796 44->49 45->44 52 6eae798 49->52 53 6eae79d-6eae7a0 49->53 54 6eae774 50->54 61 6eae59e-6eae5e2 51->61 62 6eae580-6eae599 51->62 52->53 53->23 57 6eae7a6-6eae7b0 53->57 63 6eae775 54->63 56->3 67 6eae381-6eae387 60->67 68 6eae397-6eae3d2 call 6ea9b48 60->68 80 6eae5fe-6eae63d 61->80 81 6eae5e4-6eae5f6 61->81 62->54 63->63 70 6eae38b-6eae38d 67->70 71 6eae389 67->71 87 6eae3ea-6eae401 68->87 88 6eae3d4-6eae3da 68->88 70->68 71->68 85 6eae643-6eae71e call 6ea9b48 80->85 86 6eae724-6eae739 80->86 81->80 85->86 86->50 98 6eae419-6eae42a 87->98 99 6eae403-6eae409 87->99 90 6eae3de-6eae3e0 88->90 91 6eae3dc 88->91 90->87 91->87 104 6eae42c-6eae432 98->104 105 6eae442-6eae453 98->105 100 6eae40b 99->100 101 6eae40d-6eae40f 99->101 100->98 101->98 107 6eae436-6eae438 104->107 108 6eae434 104->108 105->20 107->105 108->105 126->43 127->43
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1273862796
                                            • Opcode ID: 618efce13fba997aa54dc2bed21612a5a380e9ae7709cba73fde76504c85ddff
                                            • Instruction ID: 0437c8481d739392d1686754dea305a5e0d90d651bc7d43a9eab843ae67a27d1
                                            • Opcode Fuzzy Hash: 618efce13fba997aa54dc2bed21612a5a380e9ae7709cba73fde76504c85ddff
                                            • Instruction Fuzzy Hash: 80E15C30E1030A8FDB69DFA8D4906AEB7B6EF85304F109929D409AF355DB74EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAC6F0 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 386 6eac6f0-6eac715 387 6eac717-6eac71a 386->387 388 6eac71c-6eac73b 387->388 389 6eac740-6eac743 387->389 388->389 390 6eac749-6eac75e 389->390 391 6ead003-6ead005 389->391 398 6eac760-6eac766 390->398 399 6eac776-6eac799 390->399 393 6ead00c-6ead00f 391->393 394 6ead007 391->394 393->387 395 6ead015-6ead01f 393->395 394->393 400 6eac76a-6eac76c 398->400 401 6eac768 398->401 404 6eac79b-6eac7a1 399->404 405 6eac7b1-6eac7fa 399->405 400->399 401->399 406 6eac7a3 404->406 407 6eac7a5-6eac7a7 404->407 413 6eac804-6eac822 405->413 406->405 407->405 416 6eac84e-6eac86a 413->416 417 6eac824-6eac847 413->417 422 6eac86c-6eac88f 416->422 423 6eac896-6eac8b1 416->423 417->416 422->423 428 6eac8dc-6eac8f7 423->428 429 6eac8b3-6eac8d5 423->429 434 6eac8f9-6eac91b 428->434 435 6eac922-6eac92c 428->435 429->428 434->435 436 6eac92e-6eac937 435->436 437 6eac93c-6eac9b6 435->437 436->395 443 6eac9b8-6eac9d6 437->443 444 6eaca03-6eaca18 437->444 448 6eac9d8-6eac9e7 443->448 449 6eac9f2-6eaca01 443->449 444->391 448->449 449->443 449->444
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q
                                            • API String ID: 0-858218434
                                            • Opcode ID: a5b0bb1aa105db136e0ed2be6a4dc5bba8150acbf99c230c6ba33c5ff7e0fced
                                            • Instruction ID: 01c4ae288bbacf2ed02cab304ea96545af445b9c0bc9edbf345d91683d4860c0
                                            • Opcode Fuzzy Hash: a5b0bb1aa105db136e0ed2be6a4dc5bba8150acbf99c230c6ba33c5ff7e0fced
                                            • Instruction Fuzzy Hash: 2B913E30B0030A9FDB94DF68D950BAEB3F6BF85704F208565D409EB354EB74AD468B92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7D20 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 718 6ea7d20-6ea7d44 719 6ea7d46-6ea7d49 718->719 720 6ea7d6a-6ea7d6d 719->720 721 6ea7d4b-6ea7d65 719->721 722 6ea844c-6ea844e 720->722 723 6ea7d73-6ea7e6b 720->723 721->720 724 6ea8450 722->724 725 6ea8455-6ea8458 722->725 741 6ea7eee-6ea7ef5 723->741 742 6ea7e71-6ea7eb9 723->742 724->725 725->719 727 6ea845e-6ea846b 725->727 743 6ea7efb-6ea7f6b 741->743 744 6ea7f79-6ea7f82 741->744 763 6ea7ebe call 6ea85d8 742->763 764 6ea7ebe call 6ea85d7 742->764 761 6ea7f6d 743->761 762 6ea7f76 743->762 744->727 755 6ea7ec4-6ea7ee0 758 6ea7eeb 755->758 759 6ea7ee2 755->759 758->741 759->758 761->762 762->744 763->755 764->755
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$XPbq$\Obq
                                            • API String ID: 0-4057264190
                                            • Opcode ID: 57348dff4c66aadabedd8bc4fb2bb09008cf45c04e86bbb42fa0fb9707dca426
                                            • Instruction ID: 65dcc68a084ee3c7f3d95b70adf5fb706685353aa18ee1c2d6254cff29bf8843
                                            • Opcode Fuzzy Hash: 57348dff4c66aadabedd8bc4fb2bb09008cf45c04e86bbb42fa0fb9707dca426
                                            • Instruction Fuzzy Hash: B1614E74E003099FEF54DFA5C8547AEBAF6FF88700F208429E106AB395DB759C458B91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02E47EF1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 765 2e47ef1-2e47f7c CheckRemoteDebuggerPresent 768 2e47f85-2e47fc0 765->768 769 2e47f7e-2e47f84 765->769 769->768
                                            APIs
                                            • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02E47F6F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248954917.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_2e40000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: CheckDebuggerPresentRemote
                                            • String ID: =V#4
                                            • API String ID: 3662101638-3559468726
                                            • Opcode ID: 10539a85f679873e7f08bdc409409953a3bee56e9e8476f18c3f871cc3cbcf31
                                            • Instruction ID: 001513ee986f2b41118e2d197c22332a821249a0a5f4e548a81190571790a851
                                            • Opcode Fuzzy Hash: 10539a85f679873e7f08bdc409409953a3bee56e9e8476f18c3f871cc3cbcf31
                                            • Instruction Fuzzy Hash: 342134B18002598FCB10CF9AD884BEEFBF4EF49320F14845AE458B3250D778A944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02E4AE4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65fileCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 778 2e4ae4c-2e4b822 781 2e4b824-2e4b82a 778->781 782 2e4b82d-2e4b831 778->782 781->782 783 2e4b833-2e4b836 782->783 784 2e4b839-2e4b86d MoveFileA 782->784 783->784 785 2e4b876-2e4b88a 784->785 786 2e4b86f-2e4b875 784->786 786->785
                                            APIs
                                            • MoveFileA.KERNEL32(?,00000000,?,?), ref: 02E4B860
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248954917.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_2e40000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: FileMove
                                            • String ID: =V#4
                                            • API String ID: 3562171763-3559468726
                                            • Opcode ID: 0f772dfb5be126d4431688af9da11ffbd1a7e554a5f93be0cdca369c8e737023
                                            • Instruction ID: 5a68700f207da5c1dabaf1a39dd57bbe7727e6b19cc795214fa3b8c79fc988f2
                                            • Opcode Fuzzy Hash: 0f772dfb5be126d4431688af9da11ffbd1a7e554a5f93be0cdca369c8e737023
                                            • Instruction Fuzzy Hash: 542125B6C01208DFCB50CF99E884ADEFBF5FB88314F10805AE918AB204C7759940CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02E4B7C8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65fileCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 788 2e4b7c8-2e4b822 791 2e4b824-2e4b82a 788->791 792 2e4b82d-2e4b831 788->792 791->792 793 2e4b833-2e4b836 792->793 794 2e4b839-2e4b86d MoveFileA 792->794 793->794 795 2e4b876-2e4b88a 794->795 796 2e4b86f-2e4b875 794->796 796->795
                                            APIs
                                            • MoveFileA.KERNEL32(?,00000000,?,?), ref: 02E4B860
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248954917.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E40000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_2e40000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID: FileMove
                                            • String ID: =V#4
                                            • API String ID: 3562171763-3559468726
                                            • Opcode ID: 4844ce2ab0b8d0f34b7b708a43e651380deb786c58dfc3a355286c8ba6a65df6
                                            • Instruction ID: f705a57689921d594044667e2dea40684076cef545bc6e1661233eae3bbbc2b6
                                            • Opcode Fuzzy Hash: 4844ce2ab0b8d0f34b7b708a43e651380deb786c58dfc3a355286c8ba6a65df6
                                            • Instruction Fuzzy Hash: 4F2107B6C012099FCB50CF99E984ADEFBF5FF88314F14805AE818AB205D7759940CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAC6EF Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: e6b8e2be4e1af869d4b55de86974b4005c5b632a23873e10333b7b90b6640250
                                            • Instruction ID: ab1d1f0b9c7cf652bed96848040347bdd292a03c1619f0b88205ea8470362e38
                                            • Opcode Fuzzy Hash: e6b8e2be4e1af869d4b55de86974b4005c5b632a23873e10333b7b90b6640250
                                            • Instruction Fuzzy Hash: 8F511D30B0030A9FDB55DF78D990B6E73E6BF84604F108469D409EB394EB35AC468B92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7D1F Relevance: 2.6, Strings: 2, Instructions: 133COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: fbq$XPbq
                                            • API String ID: 0-2292610095
                                            • Opcode ID: 8337ea9a302b1338ad97a518693b91ba8ebcbb93a74abc21d1c5064e00896001
                                            • Instruction ID: afa1ba019e2512ed5de500c21d0791e9a6cd2cec2176bf6e710ab98b9d8455e1
                                            • Opcode Fuzzy Hash: 8337ea9a302b1338ad97a518693b91ba8ebcbb93a74abc21d1c5064e00896001
                                            • Instruction Fuzzy Hash: B2514D74F002099FEB54DFA5C854BAEBAF6FF88700F208529E106AF395DA759C05CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA8940 Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $
                                            • API String ID: 0-3993045852
                                            • Opcode ID: 295d3a62c60d6f23caafc6c146270a6278e346ed2ed04e7053f24cfdd7f1502d
                                            • Instruction ID: 7f0249b6c545f8575c0425a50129b5c6cd027d1c97562ff33f97576d0aea02e3
                                            • Opcode Fuzzy Hash: 295d3a62c60d6f23caafc6c146270a6278e346ed2ed04e7053f24cfdd7f1502d
                                            • Instruction Fuzzy Hash: CCE1B035E003198FDBA4DFA4C5906AEB7B2FF84318F108569D44AAF394DB35AC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA5785 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH]q
                                            • API String ID: 0-3168235125
                                            • Opcode ID: ecc834fd92fd9aca1cdba5370afcd059b97f2da4bb657a6510e489340b5ee9d6
                                            • Instruction ID: 237398f28da65e84b0ce8d90a7f487e2b54e0162dcf6a852bb1d9a86601131df
                                            • Opcode Fuzzy Hash: ecc834fd92fd9aca1cdba5370afcd059b97f2da4bb657a6510e489340b5ee9d6
                                            • Instruction Fuzzy Hash: E031ED30B103069FDB589B70D4506AE3AE3AF89204F608479D406EF395EF38EC4ACB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA5798 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH]q
                                            • API String ID: 0-3168235125
                                            • Opcode ID: 64f6954e2982868ceb8ad28d473f8505995bee442951d21778e14c5bbee8b4a3
                                            • Instruction ID: 8000e4250803fecaa4333dfb0315cacb9f080572a70a98808df31ff06c591f6f
                                            • Opcode Fuzzy Hash: 64f6954e2982868ceb8ad28d473f8505995bee442951d21778e14c5bbee8b4a3
                                            • Instruction Fuzzy Hash: 5031BC30B103069FDB58AB34D45466E7AE7AF89204F608438D40AEF395EE75EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA6E40 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: =V#4
                                            • API String ID: 0-3559468726
                                            • Opcode ID: c41be9e5f9f39d55a3b6eb59dfd4470a0ac299a58ab29891b107c4378843fb1d
                                            • Instruction ID: 77c3d333d5daf6d97b7545d2b242d104428dc657c75ff7cfd6ba2f67723c9132
                                            • Opcode Fuzzy Hash: c41be9e5f9f39d55a3b6eb59dfd4470a0ac299a58ab29891b107c4378843fb1d
                                            • Instruction Fuzzy Hash: 2D11C2B1D012599FCB00DF9AD884ADEFFB4FB49310F50812AE518A7240C374A544CFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA6E3F Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: =V#4
                                            • API String ID: 0-3559468726
                                            • Opcode ID: 4f52fd36e971d4b570cf7464324e0ff353831370fb2e626cd2fbf7017db33f21
                                            • Instruction ID: 72c1cc74bc86ddac2d6d875f87ff2dff9d8a987f92fd7a14c54058cd0ea04f8c
                                            • Opcode Fuzzy Hash: 4f52fd36e971d4b570cf7464324e0ff353831370fb2e626cd2fbf7017db33f21
                                            • Instruction Fuzzy Hash: 0A11CFB5D012199FCB00DF9AD984ADEFBB4FB09310F10812AE518B7240C378A544CFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAB870 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q
                                            • API String ID: 0-1007455737
                                            • Opcode ID: 1f271007051b2b970caafb21b048fcd83be4bceff3e1385cd503fceaf633689e
                                            • Instruction ID: 93d423072a612b33fe98adf64b3da3dc6b23089fde8fc85cdf7a3b021f9438c7
                                            • Opcode Fuzzy Hash: 1f271007051b2b970caafb21b048fcd83be4bceff3e1385cd503fceaf633689e
                                            • Instruction Fuzzy Hash: 9EF08C31B1030A9FDFA49E98EA806A8B7A5FF41319F145466C909EF241D625F905CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA3200 Relevance: .3, Instructions: 334COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b70cf198855fa31e634a0443420240f9de1029828c7872864794c43df457a1d3
                                            • Instruction ID: dc60fc8886f1d8c4d1622d61988b4022ad0d77775155804ac0de17b0e9a65584
                                            • Opcode Fuzzy Hash: b70cf198855fa31e634a0443420240f9de1029828c7872864794c43df457a1d3
                                            • Instruction Fuzzy Hash: B4B1EB71B003129FDB55CF68C890A6EBBA6FB84314F2485AAD41ACF295CB35EC46C791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAE7B8 Relevance: .3, Instructions: 292COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eaab6775755c2440dc2ff9dcac7d863b5c7de523db8670e50dfc6d2b98febb33
                                            • Instruction ID: b808abd3d55912c051eef2b79bb47f604920e7061daa370c9e6b00f3718323e8
                                            • Opcode Fuzzy Hash: eaab6775755c2440dc2ff9dcac7d863b5c7de523db8670e50dfc6d2b98febb33
                                            • Instruction Fuzzy Hash: 94A18070E003099FEFA4CB68D5947AE77B6FF85314F204825E409EB395DA28EC81DB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA2EE8 Relevance: .3, Instructions: 262COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 559daba0b19dd06f7140051ceb700241b0b5a1ebfd81f257bd074585c18da21b
                                            • Instruction ID: 788c0c671da7a0095f06221b8c66aa24a0724405e634434d78f4a0db6e91c3dd
                                            • Opcode Fuzzy Hash: 559daba0b19dd06f7140051ceb700241b0b5a1ebfd81f257bd074585c18da21b
                                            • Instruction Fuzzy Hash: CF91C032E103258FDB54CA58C8806BEF7B2EB84314F29896AD559FF641D235ED89C790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EABFC8 Relevance: .3, Instructions: 262COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6bdb2d5672f6da7b3365f15984b2aa8d18528c9467ccd19aea7c15030bd60d40
                                            • Instruction ID: dbb0e872ff7d061f42b41f102296789a84605f46c9c1624a07e024309240e4a3
                                            • Opcode Fuzzy Hash: 6bdb2d5672f6da7b3365f15984b2aa8d18528c9467ccd19aea7c15030bd60d40
                                            • Instruction Fuzzy Hash: A9A13C70B003198FDB54DF74D8907AEB7B2FF89304F2085A9D409AB355EA35AD86CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAA2B8 Relevance: .3, Instructions: 257COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4bf97c1a164131a8f2426cee3b38d9b31a64c4b8e79102a9916c652cf9172331
                                            • Instruction ID: 411d84c09b137fbc4767ade6177742e3055e1ea2237a2631b8dbc1f7e8388b33
                                            • Opcode Fuzzy Hash: 4bf97c1a164131a8f2426cee3b38d9b31a64c4b8e79102a9916c652cf9172331
                                            • Instruction Fuzzy Hash: 68A15730A003049FCBA4DB68D588AADB7F6EF84314F549879E459AF261DB35FC45CB84
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA9390 Relevance: .2, Instructions: 229COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d499632e7770364683952aeffb4715e4072720f9fd92ed0663cb9d0cce2a5a4a
                                            • Instruction ID: 5234e97314d28e41bb393f7d9cd7dc82d71f3a972ae0ddf4e357a3c47a5f4c13
                                            • Opcode Fuzzy Hash: d499632e7770364683952aeffb4715e4072720f9fd92ed0663cb9d0cce2a5a4a
                                            • Instruction Fuzzy Hash: BD61DF71F002214FDB54AA6EC88065FBADBAFD4224F154479D80EDB361DE69ED0287D2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7468 Relevance: .2, Instructions: 218COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ed158a2c011b77e7094c85f14608602bc28e057a53c9c6cfc6f14e37480cf97b
                                            • Instruction ID: 93720ff118394a9be1cf1bb8b6e08474cc437162d4890acdaa83f85305940456
                                            • Opcode Fuzzy Hash: ed158a2c011b77e7094c85f14608602bc28e057a53c9c6cfc6f14e37480cf97b
                                            • Instruction Fuzzy Hash: 01812C34B1070A8FDF44DFA9C4547AEB7B2EF85304F118429D40AEB395DA74EC468B91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7467 Relevance: .2, Instructions: 215COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 457af98b352441e151fa437b1cbc670fc450bdebd73c461b19365635c025bfcc
                                            • Instruction ID: 85a90d856e11b36edc7e1fc007932bdc45fee3e8dd7fda09cbf927d6193533bb
                                            • Opcode Fuzzy Hash: 457af98b352441e151fa437b1cbc670fc450bdebd73c461b19365635c025bfcc
                                            • Instruction Fuzzy Hash: 27812C74B1070A8FDF44DFA8C4947AEB7B2EF89304F118429D40AEB395DA34EC468B81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7788 Relevance: .2, Instructions: 210COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41e2e74d7d0a4a7bb29b96f1c05328e5bf78811d44bc59ec5bcf4fd4d7848450
                                            • Instruction ID: 62ef3b6184e8db7b1e352c1e2eb7d1ba112fb889c6a157c60857afba91d5e77d
                                            • Opcode Fuzzy Hash: 41e2e74d7d0a4a7bb29b96f1c05328e5bf78811d44bc59ec5bcf4fd4d7848450
                                            • Instruction Fuzzy Hash: D8913A34E0031A8BDF60DF68C890B9DB7B1FF89304F208599D549BB255EB70AA85CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7787 Relevance: .2, Instructions: 208COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d965276126e7697e22cb779b2973714ddd4bf42c2bd3f096cfe038ac9806f521
                                            • Instruction ID: 2af21d3df6497f6d61414d87c2e0b3d0afb0455aac22bf142ee5259389e20841
                                            • Opcode Fuzzy Hash: d965276126e7697e22cb779b2973714ddd4bf42c2bd3f096cfe038ac9806f521
                                            • Instruction Fuzzy Hash: 1C913A34E0031A8BDF60DF68C990B9DB7B1FF89304F208599D549BB255EB70AA85CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA8758 Relevance: .2, Instructions: 168COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c5081620f0613f57ec86199e1e9070d53c5c1e41dee952806bdeb43e28fb0567
                                            • Instruction ID: 5ecfe57a1b684d999c36e3c0814e2c46a9311adf9adc99d2017728111eac553b
                                            • Opcode Fuzzy Hash: c5081620f0613f57ec86199e1e9070d53c5c1e41dee952806bdeb43e28fb0567
                                            • Instruction Fuzzy Hash: 11519E35E0030A8FDF648BA8C88066FFBB1FB45318F509966E559DF281CB34E981CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAFD68 Relevance: .2, Instructions: 160COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d0396c4d20acdfa4292db7985b8206ecd7065e74c4d87b89d6829a84fd2e88fd
                                            • Instruction ID: 107173ff74828ae943b3bf54c796c6cd71ae9d7a31854640e224ae18611c0524
                                            • Opcode Fuzzy Hash: d0396c4d20acdfa4292db7985b8206ecd7065e74c4d87b89d6829a84fd2e88fd
                                            • Instruction Fuzzy Hash: 5E516034B003098FCB54EF68E590A9DB7F6FF85314B609568D505AB358DB31EC02CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA85D8 Relevance: .1, Instructions: 126COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b29f8fc03f85db3ec2ce9a1c1b77f35a56d497aa07318f58e78114e814e979f5
                                            • Instruction ID: 1f454397d50e8dd9492cd551b857fe684f35e670d191e98ff32f8cc5659e041f
                                            • Opcode Fuzzy Hash: b29f8fc03f85db3ec2ce9a1c1b77f35a56d497aa07318f58e78114e814e979f5
                                            • Instruction Fuzzy Hash: 42416C71E107098FDB74CEA9D880AAFFBF5FB84214F10592AE25ADB640D731A8458B91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EABFB8 Relevance: .1, Instructions: 97COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4200a39a16697e87224334574fc19eb87cee0d41e2e48b5ebf57de62e5bdf43
                                            • Instruction ID: d96a209ed004ab7e7914c35bd504eb47be7802b8ab40352bc8adacf0b077a430
                                            • Opcode Fuzzy Hash: b4200a39a16697e87224334574fc19eb87cee0d41e2e48b5ebf57de62e5bdf43
                                            • Instruction Fuzzy Hash: E031A135B003098FCB54DF78E890A9DBBB6EF85218F1145A9D05AAB264DB35AC46CF81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA5658 Relevance: .1, Instructions: 91COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 80a53055be1dad1032299a974b4440ad3a5310c1ffa155a19114ecfb6ca978a7
                                            • Instruction ID: 5e8e84ea2b3c3565c694a8ec7e262cc572247eb1648104df9bebb78cd9b73d53
                                            • Opcode Fuzzy Hash: 80a53055be1dad1032299a974b4440ad3a5310c1ffa155a19114ecfb6ca978a7
                                            • Instruction Fuzzy Hash: 6A313C71E107099BCB59DFA4D49469EB7F6BF89304F10C929E806EB350DB70AC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA5657 Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e21f72aef8788f0eee7a52ad212779b173d270056a0f7406b92b9143cfd9e1d
                                            • Instruction ID: 7b2b2a97b04e98042f558e266067c826d634f93f486c3dcfcf7c89f38cb5d655
                                            • Opcode Fuzzy Hash: 0e21f72aef8788f0eee7a52ad212779b173d270056a0f7406b92b9143cfd9e1d
                                            • Instruction Fuzzy Hash: 87313C75E107099BCB59CFA4D49469EB7F6BF89304F10C929E806EB350DB70AC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7060 Relevance: .1, Instructions: 82COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 87a4fd0d25525bc61b04724c87b2d8e336e9c8a9898afac816ce39886fb7ddad
                                            • Instruction ID: 849a590b606d93e3f0ed28717ab5ab34b6ca2561c3f325e799fdbb6dc1bf7236
                                            • Opcode Fuzzy Hash: 87a4fd0d25525bc61b04724c87b2d8e336e9c8a9898afac816ce39886fb7ddad
                                            • Instruction Fuzzy Hash: AC215AB6F003159FDB50CF69D890AEEBBF1EB48610F108079E945EB390E639D9428B91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA8757 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b56ab1ac21c87ad625812215d871246196a084b629a26a2b650c21507ded3604
                                            • Instruction ID: 8eba7dcb03c7c17c13577bc2833e9124f1b4e3310a4ead206f97a1d9d5025656
                                            • Opcode Fuzzy Hash: b56ab1ac21c87ad625812215d871246196a084b629a26a2b650c21507ded3604
                                            • Instruction Fuzzy Hash: CA214F79F103058BDF649EA9C88076FFAB1FB48214F50983AE509DB281DA75E851CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7070 Relevance: .1, Instructions: 78COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7495655f8eda6513b14d4da419fcc232c563bcee9fa5a7be832b82dc8f770f40
                                            • Instruction ID: f1395d4d03a15a4d4d16b03af321532ecd757431467ef2b8e8acf7f7bb8ebe95
                                            • Opcode Fuzzy Hash: 7495655f8eda6513b14d4da419fcc232c563bcee9fa5a7be832b82dc8f770f40
                                            • Instruction Fuzzy Hash: B12157B5E013159FDF50CF69D880AAEB7F5EB48614F108075E905EB381E639ED418B91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 015CD030 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248598248.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_15cd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49118357af2514be4956bea0d673c91006518241f6996badb16cecfb06e9d8a6
                                            • Instruction ID: ebd24d3e78ab2aa90faf22b08f3fa89f78fb053e7c7f82a1669a884220d45b4c
                                            • Opcode Fuzzy Hash: 49118357af2514be4956bea0d673c91006518241f6996badb16cecfb06e9d8a6
                                            • Instruction Fuzzy Hash: 44214271104200EFCB11DF98C9C0B26BBB5FB84714F20C97ED8099F252D33AD406CAA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 015CD006 Relevance: .1, Instructions: 71COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3248598248.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_15cd000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b5a14f285dbc0f7db21535621b8bc31bb3089abf5b8d6727edcc9d3af0c7098f
                                            • Instruction ID: 5529296e109fc222681efe5d0a7bfc6576c28df25a5618dca016e1caaa934404
                                            • Opcode Fuzzy Hash: b5a14f285dbc0f7db21535621b8bc31bb3089abf5b8d6727edcc9d3af0c7098f
                                            • Instruction Fuzzy Hash: 1A216D750093C09FC703CF68C994715BF71AB46214F29C5EBD8898F2A7D23A980ACB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAA2B7 Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 372cb45fae580ff6e220dabbf82da8c5d36596cdb4af75d4c22137f8fd767c36
                                            • Instruction ID: 1d42b9a0c571d845e8d3c35ef24f0294d15399d6462658a8408d7d5414def3b2
                                            • Opcode Fuzzy Hash: 372cb45fae580ff6e220dabbf82da8c5d36596cdb4af75d4c22137f8fd767c36
                                            • Instruction Fuzzy Hash: 4B215971B103199BDF84DAACE9A46ADB7A6EF84314F509435D409EB384DB31EC46CB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA6620 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49cc8dae45e996144f1a618fe16f03b22967767dc999c95b58a42b1180593a8b
                                            • Instruction ID: a0f225137873cdf0bea1e9b892640a47dd51552bcdf5223d635feaac4e07f671
                                            • Opcode Fuzzy Hash: 49cc8dae45e996144f1a618fe16f03b22967767dc999c95b58a42b1180593a8b
                                            • Instruction Fuzzy Hash: 59118170E103199FCB589B68D8805DEB7B6EBC9310F149569D109EB300DA31EA41CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA7180 Relevance: .1, Instructions: 59COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 723d8519a0417d54d4776feabc726ce616ff7db1f4da92a4b5ce268bb9e50366
                                            • Instruction ID: 08eaaa438b4f3fbb67d706476f14bddb0af066f76891f0bbb907b91e490f22e5
                                            • Opcode Fuzzy Hash: 723d8519a0417d54d4776feabc726ce616ff7db1f4da92a4b5ce268bb9e50366
                                            • Instruction Fuzzy Hash: 80116536B142194BDF54DA78DC24ABF77EAEBC8614F014539D40AEB340DE25DC0687D1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA73C8 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bc27760e77609a62667331a65f779d3224b67ed49d370ba51aa27f475a43ad31
                                            • Instruction ID: 76a538ac6fd9a0f20039f275af41def13ad01134a19774bdac0309b786f54533
                                            • Opcode Fuzzy Hash: bc27760e77609a62667331a65f779d3224b67ed49d370ba51aa27f475a43ad31
                                            • Instruction Fuzzy Hash: 1801AD35B102154BDF64D6ADD45472FA7DBDBC9619F208839E10ECB345DE61EC024381
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA73C7 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1a3e039191bd51b51ac2fc491c747253ceb356e3eb3b1260183c3af1430b61c5
                                            • Instruction ID: 418bd932486dad9367234e32ceced2b3286d17cf7a8213db4858decda230df38
                                            • Opcode Fuzzy Hash: 1a3e039191bd51b51ac2fc491c747253ceb356e3eb3b1260183c3af1430b61c5
                                            • Instruction Fuzzy Hash: 9601FF79B102114BDF64D6ADE45472FA7CBDBC9719F20883AE20ECB349DE61EC024381
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAD8AD Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3c680ae71e08b30a0ebd5643655181a5b9cc54e09a9d6eeaa360af69e911b27
                                            • Instruction ID: 72ea47b8b3348e9a851212dd22d5cfb6186c773b497568ea874c9a65ce0e3612
                                            • Opcode Fuzzy Hash: a3c680ae71e08b30a0ebd5643655181a5b9cc54e09a9d6eeaa360af69e911b27
                                            • Instruction Fuzzy Hash: 47018130B102144FDB50DAACEC50B6A67D6EFC5718F109838E10EDBB54DE25EC428780
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAD8B0 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 240796c0ab363d4981a033b521d0e0eeeeac80f46987c9abea01fe0a4224fcb8
                                            • Instruction ID: aa36a1a11552107798d64f7e4851a08337728bfaf05d1121ac7ceb48619d21f2
                                            • Opcode Fuzzy Hash: 240796c0ab363d4981a033b521d0e0eeeeac80f46987c9abea01fe0a4224fcb8
                                            • Instruction Fuzzy Hash: 55018130B103184BDB50DA6CEC50B5A77DAEF85718F509838E10EDB750EE65EC4287C1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA717F Relevance: .0, Instructions: 45COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c1c3550b4d666bf17a54cc9ce7ab4d7dc54e1c8f125f5fd0550d3d865e4c9e6
                                            • Instruction ID: aefe41e560caf6eed401da7ffe7da95d35012c39612b499f90d59ad031e9166d
                                            • Opcode Fuzzy Hash: 3c1c3550b4d666bf17a54cc9ce7ab4d7dc54e1c8f125f5fd0550d3d865e4c9e6
                                            • Instruction Fuzzy Hash: C2018176B102154BEF55DAB8DC247BF72EAABC8614F05403AD50AEB244EE24DC0A47D1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAFD67 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 80610e736faf5f6c3ab0a6a6155bcfb6d414bbbb1e57f346c924020411014d9c
                                            • Instruction ID: 42177f4d44c255a36a9fa0769429141e03f179e8e81e1056ab2a5e7ea1c2b2f5
                                            • Opcode Fuzzy Hash: 80610e736faf5f6c3ab0a6a6155bcfb6d414bbbb1e57f346c924020411014d9c
                                            • Instruction Fuzzy Hash: E1F0A475E203289BCB589A68E85179DB37AFB85314F104479E505EB348DB31A804CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAE4B0 Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ebfc35a9ca954b05176a1ed5f7918e417bd4a338acd6ad95fc79570a030f615
                                            • Instruction ID: da4ee955c7c4175ad85bb701414580218cd0635fd63b39fae815d566c28f1bd3
                                            • Opcode Fuzzy Hash: 3ebfc35a9ca954b05176a1ed5f7918e417bd4a338acd6ad95fc79570a030f615
                                            • Instruction Fuzzy Hash: 72F0E576E103288BDF7085ACD80579EBBACE745738F10483BE90AEB340D631EC458782
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA9A28 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d695f540de2c31d7bebb1cc982d4da054aea450ef0e8f8d50fd5502c6a0cf0a5
                                            • Instruction ID: c54dad7e99e6acbaf98b09be10a62a4f62290d10d2ef8053d17499d200b90a94
                                            • Opcode Fuzzy Hash: d695f540de2c31d7bebb1cc982d4da054aea450ef0e8f8d50fd5502c6a0cf0a5
                                            • Instruction Fuzzy Hash: ACE0C270E24308ABDF20CEB4C90575A73EED741208F2094A6D408CB202E672EA018780
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EA9A27 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bda829a49e90f63abfd03e71466603fc68de0419d1f3c5651e854037aebc64cb
                                            • Instruction ID: 215967fe028ca31798f1212a4bf84115bf0d659fd86103309ebaacefadec3537
                                            • Opcode Fuzzy Hash: bda829a49e90f63abfd03e71466603fc68de0419d1f3c5651e854037aebc64cb
                                            • Instruction Fuzzy Hash: 04E01271E253089ADF60CAB4C74536A72E6EB45208F3099A6D409DB202E676EA418740
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 06EAAC40 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-2843079600
                                            • Opcode ID: e8826c6d6f0f1d97ef2015ab3f617f7dd96d48afbae6c76ca2200fd2b1b52f2c
                                            • Instruction ID: b1a56b0741fe7a3eb35646bde1c5f00f978770780ea39e0a5c68c17b0022f87a
                                            • Opcode Fuzzy Hash: e8826c6d6f0f1d97ef2015ab3f617f7dd96d48afbae6c76ca2200fd2b1b52f2c
                                            • Instruction Fuzzy Hash: A9123D30E00319CFDB68DF69D994AADB7B2BF88304F209569D409AB354DB34AD85CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EADED0 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-1273862796
                                            • Opcode ID: 3ff2db0ef08dd2de5805e8e77c8e9d35e0ddb322863552d56873cd299d32af05
                                            • Instruction ID: 1f2c961ba1a55fe650bc4981a9c22f0256fea2005b2e35312663475085407316
                                            • Opcode Fuzzy Hash: 3ff2db0ef08dd2de5805e8e77c8e9d35e0ddb322863552d56873cd299d32af05
                                            • Instruction Fuzzy Hash: 73914130A00309DFDB58DF64E994BAE77F6EF84304F109429E805AB394DB79AD45DB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAA640 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-981061697
                                            • Opcode ID: bebaf5681f19ed7e7ee602caa19ec7488e2f6ab613cbdb73799c20dd617bf194
                                            • Instruction ID: 658953eb8b6bf3c4b32d3235a7ed45baa25e3ea891c9a3f1a8ce195fecbfee2f
                                            • Opcode Fuzzy Hash: bebaf5681f19ed7e7ee602caa19ec7488e2f6ab613cbdb73799c20dd617bf194
                                            • Instruction Fuzzy Hash: 98F12C70A003098FDB58EF68D594A6EB7B7FF84304F149579D4059B3A9CB39AC82CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAEF90 Relevance: 7.7, Strings: 6, Instructions: 197COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                            • API String ID: 0-3723351465
                                            • Opcode ID: f328641b0b630a874963a293e11d740e8b1b0bfe29ab2231b74319d4bb3844c9
                                            • Instruction ID: 24e8f25c15be0a92751aaf98445186c5074e3c1fa844314adddc8f7a1c452a44
                                            • Opcode Fuzzy Hash: f328641b0b630a874963a293e11d740e8b1b0bfe29ab2231b74319d4bb3844c9
                                            • Instruction Fuzzy Hash: 98719C70A0030A8FDB98DFA8D9906ADB7B6FF84304B108969D505EF355EB71AD46CB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAB978 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q
                                            • API String ID: 0-858218434
                                            • Opcode ID: 3e20e33dd427e7fc063eb8757bf2f16c4c4acdedd2caa9f53c75c1e9f628843c
                                            • Instruction ID: b7d6f3fe3b8b95d4aaf009d11450d834ddf1cf5fc06d9db28c4d5010c150f7c3
                                            • Opcode Fuzzy Hash: 3e20e33dd427e7fc063eb8757bf2f16c4c4acdedd2caa9f53c75c1e9f628843c
                                            • Instruction Fuzzy Hash: D7B13A30A003098FDB58DFA8D5946AEB7B6FF84304F249569D40AAF355DB35EC86CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EABD90 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LR]q$LR]q$$]q$$]q
                                            • API String ID: 0-3527005858
                                            • Opcode ID: 4f90027bd6baabb79107f8193f914371154fba873c7b19211c77a87eea26a240
                                            • Instruction ID: 905c422f3966bf07ba738e45a036cb5c2e8a2f7a4549eb8a27773043957f1681
                                            • Opcode Fuzzy Hash: 4f90027bd6baabb79107f8193f914371154fba873c7b19211c77a87eea26a240
                                            • Instruction Fuzzy Hash: 60517D30B103099FDB58DF28D990A6AB7E6FF89304F149568E5069F3A5DB34EC45CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 06EAE25F Relevance: 5.2, Strings: 4, Instructions: 154COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.3254117808.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_6ea0000_Rendeles_042024,jpg.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q$$]q$$]q
                                            • API String ID: 0-858218434
                                            • Opcode ID: ac1598aa1d5229f0deaa9d0ed8c12be53373fec93d99bf4f2789e2a5e0d0568d
                                            • Instruction ID: 51a5cd34ea4be46a7656654ed6800584ae9135e35cbf0293f15e96504ada557a
                                            • Opcode Fuzzy Hash: ac1598aa1d5229f0deaa9d0ed8c12be53373fec93d99bf4f2789e2a5e0d0568d
                                            • Instruction Fuzzy Hash: 78517C30B103058FDFA9DF68E590AAEB7B6EF84304F109929D845EB254DB34EC46DB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%