Analysis Report Szallitasi adatok.tar

Overview

General Information

Sample Name: Szallitasi adatok.tar
Analysis ID: 383998
MD5: fa2c7acf057d7ecf693cbb13fab9b1b3
SHA1: b67cd39674b6d039e235fbb9cf0272a103afa475
SHA256: 1b90e29a9f49905ead7832ff25d7ba91fddeb4827d7c8ca506c6c0b6f96acda7

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • unarchiver.exe (PID: 6880 cmdline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\Szallitasi adatok.tar' MD5: DB55139D9DD29F24AE8EA8F0E5606901)
    • 7za.exe (PID: 6916 cmdline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 7008 cmdline: 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Szallitasi adatok.exe (PID: 7056 cmdline: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe MD5: C615C5F811E05D5743CE4DD4AFAD4055)
        • Szallitasi adatok.exe (PID: 7104 cmdline: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe MD5: C615C5F811E05D5743CE4DD4AFAD4055)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "torremolinos3@copiplus.esvB&6mnT00r3mol2o17smtp.1and1.es"}

Yara Overview

Memory Dumps

| Source | Rule | Description | Author |
|---|---|---|---|
| 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
| 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Unpacked PEs

| Source | Rule | Description | Author |
|---|---|---|---|
| 6.2.Szallitasi adatok.exe.4086228.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 7.2.Szallitasi adatok.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 6.2.Szallitasi adatok.exe.4086228.3.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
| 6.2.Szallitasi adatok.exe.4015208.2.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 6.2.Szallitasi adatok.exe.4086228.3.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "torremolinos3@copiplus.esvB&6mnT00r3mol2o17smtp.1and1.es"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | ReversingLabs: Detection: 18%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | Joe Sandbox ML: detected
Source: 7.2.Szallitasi adatok.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 4x nop then jmp 02EB099Bh 0_2_02EB02A8
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 4x nop then jmp 02EB099Ah 0_2_02EB02A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E697A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E69798
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E68288
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E68279
Source: global traffic | TCP traffic: 192.168.2.6:49748 -> 212.227.15.158:587
Source: Joe Sandbox View | IP Address: 212.227.15.158
Source: unknown | DNS traffic detected: queries for: smtp.1and1.es

System Summary:

.NET source code contains very large array initializations
Source: 7.2.Szallitasi adatok.exe.400000.0.unpack, <PrivateImplementationDetails>{EC539FFC-C2DE-4D49-9C7D-51A304EDDE69}/DB0019FB-D56E-4258-8DEF-F1840779C330.cs | Large array initialization: .cctor: array initializer size 11940
                    Source: Szallitasi adatok.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: Szallitasi adatok.tarBinary or memory string: OriginalFilenameIsByValue.exeD vs Szallitasi adatok.tar
                    Source: Szallitasi adatok.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: 7.2.Szallitasi adatok.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 7.2.Szallitasi adatok.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winTAR@11/4@1/1
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Szallitasi adatok.exe.logJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_01
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_01
                    Source: C:\Windows\SysWOW64\unarchiver.exeFile created: C:\Users\user\AppData\Local\Temp\mcgybaxf.vdbJump to behavior
                    Source: C:\Windows\SysWOW64\unarchiver.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\SysWOW64\unarchiver.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Windows\SysWOW64\unarchiver.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\unarchiver.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from Clientes WHERE id=@id;;
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                    Source: unknown Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
                    Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
                    Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe'
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Windows\SysWOW64\unarchiver.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A48507 push dword ptr [esi+3Fh]; iretd 6_2_00A48519
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A35683 push es; retf 6_2_00A35684
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A49273 push FFFFFFD9h; iretd 6_2_00A49290
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_00F98507 push dword ptr [esi+3Fh]; iretd 7_2_00F98519
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_00F85683 push es; retf 7_2_00F85684
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017F7A37 push edi; retn 0000h 7_2_017F7A39
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018368AB push FFFFFF8Bh; iretd 7_2_018368AF
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01836433 pushad ; retf 7_2_0183643D
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183683D push FFFFFF8Bh; iretd 7_2_01836841
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018367C7 push FFFFFF8Bh; iretd 7_2_018367D9
                    Source: initial sample Static PE information: section name: .text entropy: 7.53444175386
                    Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Windows\SysWOW64\unarchiver.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion:

                    Yara detected AntiVM3
                    Source: Yara match File source: 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
                    Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Windows\SysWOW64\unarchiver.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Window / User API: threadDelayed 8291
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Window / User API: threadDelayed 1568
                    Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6904 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7060 Thread sleep time: -99493s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7080 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7100 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 5608 Thread sleep time: -18446744073709540s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 6108 Thread sleep count: 8291 > 30
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 6108 Thread sleep count: 1568 > 30
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 0_2_0146B042 GetSystemInfo, 0_2_0146B042
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Thread delayed: delay time: 99493
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: vmware
                    Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMWARE
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                    Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183C490 LdrInitializeThunk, 7_2_0183C490
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion:

                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Memory written: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe base: 400000 value starts with: 4D5A
                    Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
                    Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe'
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                    Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                    Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Progman
                    Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
                    Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\unarchiver.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information:

                    Yara detected AgentTesla
                    Source: Yara match, File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4086228.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.Szallitasi adatok.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4086228.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4015208.2.raw.unpack, type: UNPACKEDPE
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                    Tries to steal Mail credentials (via file access)
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Yara match, File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY

                    Remote Access Functionality:

                    Yara detected AgentTesla
                    Source: Yara match, File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4086228.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 7.2.Szallitasi adatok.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4086228.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 6.2.Szallitasi adatok.exe.4015208.2.raw.unpack, type: UNPACKEDPE

                    Mitre Att&ck Matrix

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | Windows Management Instrumentation 211 | Path Interception | Process Injection 112 | Masquerading 1 | OS Credential Dumping 2 | Query Registry 1 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | Credentials in Registry 1 | Security Software Discovery 311 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 131 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 112 | NTDS | Virtualization/Sandbox Evasion 131 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 11 | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | System Information Discovery 115 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

                    Behavior Graph

                    Behavior Graph ID: 383998, Sample: Szallitasi adatok.tar, Startdate: 08/04/2021, Architecture: WINDOWS, Score: 100
                    Signatures: Found malware configuration; Multi AV Scanner detection for dropped file; Yara detected AgentTesla; 6 other signatures
                    Process tree:
                      unarchiver.exe (started)
                        cmd.exe (started)
                          Szallitasi adatok.exe (started); signature: Injects a PE file into a foreign processes
                            Szallitasi adatok.exe (started)
                              DNS/IP: smtp.1and1.es 212.227.15.158, 49748, 587 ONEANDONE-ASBrauerstrasse48DE Germany
                              Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
                          conhost.exe (started)
                        7za.exe (started)
                          Dropped file: C:\Users\user\...\Szallitasi adatok.exe, PE32
                          conhost.exe (started)

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    No Antivirus matches

                    Dropped Files

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe | 19% | ReversingLabs | Win32.Trojan.AgentTesla

                    Unpacked PE Files

                    Source | Detection | Scanner | Label
                    7.2.Szallitasi adatok.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

                    Domains

                    No Antivirus matches

                    URLs


                    Domains and IPs

                    Contacted Domains

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    smtp.1and1.es | 212.227.15.158 | true | false | | high

                      URLs from Memory and Binaries

                                                        http://www.urwpp.derTSzallitasi adatok.exe, 00000006.00000003.331404258.0000000005E62000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.fontbureau.com/designers/cabarga.htmlNSzallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmpfalse
                                                          high
                                                          http://www.jiyu-kobo.co.jp/nb-nSzallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.founder.com.cn/cnSzallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.fontbureau.com/designers/frere-jones.htmlSzallitasi adatok.exe, 00000006.00000003.330983935.0000000005E62000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmpfalse
                                                            high
                                                            http://www.zhongyicts.com.cnaSzallitasi adatok.exe, 00000006.00000003.328730706.0000000005E61000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.monotype.Szallitasi adatok.exe, 00000006.00000003.333277327.0000000005E61000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://wjANZKRbswl5oYyv5U.comSzallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000007.00000003.544547709.00000000015E4000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.jiyu-kobo.co.jp/Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.329458297.0000000005E34000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://www.jiyu-kobo.co.jp/nSzallitasi adatok.exe, 00000006.00000003.329810137.0000000005E3A000.00000004.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://www.carterandcone.comn-u0Szallitasi adatok.exe, 00000006.00000003.329128388.0000000005E61000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.fontbureau.com/designers8Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmpfalse
                                                              high
                                                              http://www.fontbureau.com/designers/iSzallitasi adatok.exe, 00000006.00000003.330590528.0000000005E62000.00000004.00000001.sdmpfalse
                                                                high
                                                                http://www.carterandcone.com.NSzallitasi adatok.exe, 00000006.00000003.328759345.0000000005E61000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.fontbureau.com/designers/Szallitasi adatok.exe, 00000006.00000003.330798629.0000000005E62000.00000004.00000001.sdmpfalse
                                                                  high

                                                                  Contacted IPs


                                                                  Public

                                                                  IP:212.227.15.158
                                                                  Domain:smtp.1and1.es
                                                                  Country:Germany
                                                                  ASN:8560
                                                                  ASN Name:ONEANDONE-ASBrauerstrasse48DE
                                                                  Malicious:false

                                                                  General Information

                                                                  Joe Sandbox Version:31.0.0 Emerald
                                                                  Analysis ID:383998
                                                                  Start date:08.04.2021
                                                                  Start time:13:53:46
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 9m 32s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Sample file name:Szallitasi adatok.tar
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of new started processes analysed:27
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.evad.winTAR@11/4@1/1
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HDC Information:
                                                                  • Successful, ratio: 0.2% (good quality ratio 0%)
                                                                  • Quality average: 14%
                                                                  • Quality standard deviation: 31.3%
                                                                  HCA Information:
                                                                  • Successful, ratio: 100%
                                                                  • Number of executed functions: 164
                                                                  • Number of non-executed functions: 1
                                                                  Cookbook Comments:
                                                                  • Adjust boot time
                                                                  • Enable AMSI
                                                                  • Found application associated with file extension: .tar
                                                                  Warnings:
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 168.61.161.212, 13.88.21.125, 20.82.210.154, 13.64.90.137, 23.10.249.43, 23.10.249.26, 52.155.217.156, 20.54.26.129, 104.43.139.144, 104.42.151.234, 52.255.188.83, 95.100.54.203
                                                                  • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, prod.fs.microsoft.com.akadns.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  Time:13:54:41
                                                                  Type:API Interceptor
                                                                  Description:778x Sleep call for process: Szallitasi adatok.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs


                                                                                                          Domains


                                                                                                          ASN


                                                                                                          JA3 Fingerprints

                                                                                                          No context

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
                                                                                                          Process:C:\Windows\SysWOW64\unarchiver.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):388
                                                                                                          Entropy (8bit):5.2529463157768355
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk7v:MLF20NaL329hJ5g522r0
                                                                                                          MD5:FF3B761A021930205BEC9D7664AE9258
                                                                                                          SHA1:1039D595C6333358D5F7EE5619FE6794E6F5FDB1
                                                                                                          SHA-256:A3517BC4B1E6470905F9A38466318B302186496E8706F1976F1ED76F3E87AF0F
                                                                                                          SHA-512:1E77D09CF965575EF9800B1EE8947A02D98F88DBFA267300330860757A0C7350AF857A2CB7001C49AFF1F5BD1E0AE6E90F643B27054522CADC730DD14BC3DE11
                                                                                                          Malicious:false
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..
                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Szallitasi adatok.exe.log
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1314
                                                                                                          Entropy (8bit):5.350128552078965
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                                                          MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                                                          SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                                                          SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                                                          SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                                          C:\Users\user\AppData\Local\Temp\mcgybaxf.vdb\unarchiver.log
                                                                                                          Process:C:\Windows\SysWOW64\unarchiver.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1615
                                                                                                          Entropy (8bit):5.10186681558097
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:CZVvUG/G3/Gb3/G3/Gpp/G//G3/GpPv/Gb1/Gcv/GP/Gu/GO/Ge/G3/G4/G3/G2a:UzBUQ
                                                                                                          MD5:C4B67CF81A0C227827D36C996CC306DD
                                                                                                          SHA1:9D9E9E32BEFB33BB6B99BF76D54960A7A9E4B8EB
                                                                                                          SHA-256:3027A6AE557DCC0ACC8C324F766CA3E4FC0BC463799EB8D3AA96484988BC882B
                                                                                                          SHA-512:560D400BEB0DDD24875233192A1E50356C96EBE2D8C4993DB0BF1530E73EA570E69B6883CDC155C4996E211E9390CBC358149F069D77B97BFAAF8D6C7972FD64
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview: 04/08/2021 1:54 PM: Unpack: C:\Users\user\Desktop\Szallitasi adatok.tar..04/08/2021 1:54 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s..04/08/2021 1:54 PM: Received from standard out: ..04/08/2021 1:54 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..04/08/2021 1:54 PM: Received from standard out: ..04/08/2021 1:54 PM: Received from standard out: Scanning the drive for archives:..04/08/2021 1:54 PM: Received from standard out: 1 file, 874496 bytes (854 KiB)..04/08/2021 1:54 PM: Received from standard out: ..04/08/2021 1:54 PM: Received from standard out: Extracting archive: C:\Users\user\Desktop\Szallitasi adatok.tar..04/08/2021 1:54 PM: Received from standard out: --..04/08/2021 1:54 PM: Received from standard out: Path = C:\Users\user\Desktop\Szallitasi adatok.tar..04/08/2021 1:54 PM: Received from standard out: Type = tar..04/08/2021 1:54 PM: Received from standard out: Physical Size = 874496..04/08/20
                                                                                                          C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
                                                                                                          Process:C:\Windows\SysWOW64\7za.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):872960
                                                                                                          Entropy (8bit):7.186249660947472
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:2RWcIIK2eESLm1OYOtc7t/0t5v3QUynop8O1lDGbT1tB5IKUa/+:20/IVlOYOSUXynof1wt/IE
                                                                                                          MD5:C615C5F811E05D5743CE4DD4AFAD4055
                                                                                                          SHA1:D37B5D2BCCC12CC995B08A9D3200ECF3A7C21D37
                                                                                                          SHA-256:2154D40FF4FC639A9F8CE0208D0F71D75D664FFAF1D92DC6802CE9EE1DC76DB2
                                                                                                          SHA-512:13C828E61E7E9E12096781F4D0567EA402B42E9E01CF6B5B0CAD2A7749B9B4664A23D3F181E398FAB73D4AAB9AE1BD867868D4651636620CACE3F8E30438B6D2
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 19%
                                                                                                          Reputation:low
                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n`..............P......F.......)... ...@....@.. ....................................@..................................)..O....@...B........................................................................... ............... ..H............text........ ...................... ..`.rsrc....B...@...D..................@..@.reloc...............P..............@..B.................)......H........?..DH.........................................................0............(....( .........(.....o!....*.....................("......(#......($......(%......(&....*N..(....ol...('....*&..((....*.s)........s*........s+........s,........s-........*....0...........~....o.....+..*.0...........~....o/....+..*.0...........~....o0....+..*.0...........~....o1....+..*.0...........~....o2....+..*.0..<........~.....(3.....,!r...p.....(4...o5...s6............~.....+..*.0......

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:tar archive
                                                                                                          Entropy (8bit):7.17922383389497
                                                                                                          TrID:
                                                                                                            File name:Szallitasi adatok.tar
                                                                                                            File size:874496
                                                                                                            MD5:fa2c7acf057d7ecf693cbb13fab9b1b3
                                                                                                            SHA1:b67cd39674b6d039e235fbb9cf0272a103afa475
                                                                                                            SHA256:1b90e29a9f49905ead7832ff25d7ba91fddeb4827d7c8ca506c6c0b6f96acda7
                                                                                                            SHA512:c0db03c358d2e99f1a801c7fdb7a7155fadca26ac43d0cb76636d2d3962494aedf4cabc6611530138ab67ba40119421ea275c840c2c7a18fc803125a3ca5e981
                                                                                                            SSDEEP:12288:iRWcIIK2eESLm1OYOtc7t/0t5v3QUynop8O1lDGbT1tB5IKUa/+:i0/IVlOYOSUXynof1wt/IE
                                                                                                            File Content Preview:Szallitasi adatok.exe...............................................................................0000755.0000000.0000000.00003251000.14033527302.0010636.0..................................................................................................

                                                                                                            File Icon

                                                                                                            Icon Hash:00828e8e8686b000

                                                                                                            Network Behavior

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets


                                                                                                            UDP Packets


                                                                                                            DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Apr 8, 2021 13:56:24.476588964 CEST | 192.168.2.6 | 8.8.8.8 | 0xb5a0 | Standard query (0) | smtp.1and1.es | A (IP address) | IN (0x0001) |

                                                                                                            DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Apr 8, 2021 13:56:24.499018908 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5a0 | No error (0) | smtp.1and1.es | | 212.227.15.158 | A (IP address) | IN (0x0001) |
| Apr 8, 2021 13:56:24.499018908 CEST | 8.8.8.8 | 192.168.2.6 | 0xb5a0 | No error (0) | smtp.1and1.es | | 212.227.15.142 | A (IP address) | IN (0x0001) |

                                                                                                            SMTP Packets

| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Apr 8, 2021 13:56:24.680350065 CEST | 587 | 49748 | 212.227.15.158 | 192.168.2.6 | 220 kundenserver.de (mreue109) Nemesis ESMTP Service ready |
| Apr 8, 2021 13:56:24.680680037 CEST | 49748 | 587 | 192.168.2.6 | 212.227.15.158 | EHLO 899552 |
| Apr 8, 2021 13:56:24.700939894 CEST | 587 | 49748 | 212.227.15.158 | 192.168.2.6 | 250-kundenserver.de Hello 899552 [185.32.222.8] |
| | | | | | 250-8BITMIME |
| | | | | | 250-AUTH LOGIN PLAIN |
| | | | | | 250-SIZE 140000000 |
| | | | | | 250 STARTTLS |
| Apr 8, 2021 13:56:24.701294899 CEST | 49748 | 587 | 192.168.2.6 | 212.227.15.158 | STARTTLS |
| Apr 8, 2021 13:56:24.721739054 CEST | 587 | 49748 | 212.227.15.158 | 192.168.2.6 | 220 OK |

                                                                                                            System Behavior

General

Start time: 13:54:32
Start date: 08/04/2021
Path: C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit): true
Commandline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
Imagebase: 0xb90000
File size: 10240 bytes
MD5 hash: DB55139D9DD29F24AE8EA8F0E5606901
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: low

General

Start time: 13:54:33
Start date: 08/04/2021
Path: C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit): true
Commandline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
Imagebase: 0x70000
File size: 289792 bytes
MD5 hash: 77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 13:54:33
Start date: 08/04/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 13:54:34
Start date: 08/04/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe'
Imagebase: 0x2a0000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 13:54:34
Start date: 08/04/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 13:54:35
Start date: 08/04/2021
Path: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Imagebase: 0xa30000
File size: 872960 bytes
MD5 hash: C615C5F811E05D5743CE4DD4AFAD4055
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 19%, ReversingLabs
Reputation: low

General

Start time: 13:54:42
Start date: 08/04/2021
Path: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Imagebase: 0xf80000
File size: 872960 bytes
MD5 hash: C615C5F811E05D5743CE4DD4AFAD4055
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                                            Disassembly

                                                                                                            Code Analysis

                                                                                                              Execution Graph

Execution Coverage: 20.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 6%
Total number of Nodes: 67
Total number of Limit Nodes: 4

                                                                                                              Executed Functions

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349815690.0000000002EB0000.00000040.00000001.sdmp, Offset: 02EB0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2eb0000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: :@Dr$X1kr
                                                                                                              • API String ID: 0-2776031997
                                                                                                              • Opcode ID: a787740df63da0687995ad0e814fd45c808772357dcd669b3f49c00c53cad410
                                                                                                              • Instruction ID: 1f62124623bdde6c3ed4fd94842e5189dc20362410b786a1790d1ed1dfb3211b
                                                                                                              • Opcode Fuzzy Hash: a787740df63da0687995ad0e814fd45c808772357dcd669b3f49c00c53cad410
                                                                                                              • Instruction Fuzzy Hash: 0322D674E00258CFDB25DFA9E844B9EBBB2FBA9301F1091A9E409B7265DB345D81CF50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • GetSystemInfo.KERNELBASE(?), ref: 0146B074
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InfoSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 31276548-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0146B15F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0146AC13
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 0146AAA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreatePipe
                                                                                                              • String ID:
                                                                                                              • API String ID: 2719314638-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0146A5A9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 823142352-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 0146A1C2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileFindNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 2029273394-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0146B15F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0146AC13
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetFilePointer.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A80A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FilePointer
                                                                                                              • String ID:
                                                                                                              • API String ID: 973152223-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • ReadFile.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A8ED
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 2738559852-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0146A5A9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 823142352-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • GetFileType.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A741
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileType
                                                                                                              • String ID:
                                                                                                              • API String ID: 3081899298-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 0146A674
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreateDirectoryW.KERNELBASE(?,?), ref: 0146A4AF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateDirectory
                                                                                                              • String ID:
                                                                                                              • API String ID: 4241100979-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • ReadFile.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A8ED
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 2738559852-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetFilePointer.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A80A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FilePointer
                                                                                                              • String ID:
                                                                                                              • API String ID: 973152223-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • GetFileType.KERNELBASE(?,00000E2C,796FD4D2,00000000,00000000,00000000,00000000), ref: 0146A741
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileType
                                                                                                              • String ID:
                                                                                                              • API String ID: 3081899298-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreateDirectoryW.KERNELBASE(?,?), ref: 0146A4AF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateDirectory
                                                                                                              • String ID:
                                                                                                              • API String ID: 4241100979-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CloseFind
                                                                                                              • String ID:
                                                                                                              • API String ID: 1863332320-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • GetSystemInfo.KERNELBASE(?), ref: 0146B074
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InfoSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 31276548-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(?), ref: 0146A290
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 0146AAA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreatePipe
                                                                                                              • String ID:
                                                                                                              • API String ID: 2719314638-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 0146A1C2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FileFindNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 2029273394-0
                                                                                                              • Opcode ID: dff6563bb1ce7a4649aafd9ec950166df721e6bd255c8fd4375c3bb5f9352ecf
                                                                                                              • Instruction ID: 038c258f7f4a11a06e0837f213697b4ba20ca2c8a22d2739c94558739bada3f0
                                                                                                              • Opcode Fuzzy Hash: dff6563bb1ce7a4649aafd9ec950166df721e6bd255c8fd4375c3bb5f9352ecf
                                                                                                              • Instruction Fuzzy Hash: 11017171500600ABD710DF16DC86B26FBA8EB88A20F14816AED089B741E375B515CBA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 0146A674
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                              • String ID:
                                                                                                              • API String ID: 2591292051-0
                                                                                                              • Opcode ID: 22fa2a2abc60a8ce63c4118f4f2553bfcc8c52299f15fda13d2b2b3b7da2cdac
                                                                                                              • Instruction ID: 03b7c9e4def6e9a4b0a59e1dff56a6a4f972b1231f42949ef8036488c4b1372e
                                                                                                              • Opcode Fuzzy Hash: 22fa2a2abc60a8ce63c4118f4f2553bfcc8c52299f15fda13d2b2b3b7da2cdac
                                                                                                              • Instruction Fuzzy Hash: 79018F719006409FDB11CF29D885766FFA8EF44224F18C0ABDE499F752D6B5A818CB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CloseFind
                                                                                                              • String ID:
                                                                                                              • API String ID: 1863332320-0
                                                                                                              • Opcode ID: a7e7c6d2eb2b76b34dd66e2f52ba3857d4a712eac564a478bb178ba787d2e757
                                                                                                              • Instruction ID: 840f0335e4cb305f0bffd3b92bccabe00dba3863d9f2aa214c5e5fc5a758d5f5
                                                                                                              • Opcode Fuzzy Hash: a7e7c6d2eb2b76b34dd66e2f52ba3857d4a712eac564a478bb178ba787d2e757
                                                                                                              • Instruction Fuzzy Hash: D701D135640A409FDB108F19DC85766FF98DF04334F18C0ABDD499B762D2B5E808CB62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(?), ref: 0146A290
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349594090.000000000146A000.00000040.00000001.sdmp, Offset: 0146A000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_146a000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              • Opcode ID: ce35d0b85879b1f0d48a3ca47086877b4c9306b5f5ec2482ce31e9e0f6393779
                                                                                                              • Instruction ID: a2fc72592afc0f20727de126ccd7c930a6c8bc3dab6ada1c876ca1bd5be92c17
                                                                                                              • Opcode Fuzzy Hash: ce35d0b85879b1f0d48a3ca47086877b4c9306b5f5ec2482ce31e9e0f6393779
                                                                                                              • Instruction Fuzzy Hash: 55F0AF35904A44DFDB10CF19D884762FFA4EF04724F28C09BDE495B762D2B6A408CFA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349583530.0000000001462000.00000040.00000001.sdmp, Offset: 01462000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1462000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c50b1ef3c31e146658771badbcaee739737c87fba915802da88cf4717435f24f
                                                                                                              • Instruction ID: 5c2241bf6b8951d4ee3301e644403f33c92a82113f784c64495a036f9f1d861d
                                                                                                              • Opcode Fuzzy Hash: c50b1ef3c31e146658771badbcaee739737c87fba915802da88cf4717435f24f
                                                                                                              • Instruction Fuzzy Hash: B3D05B752156915FD3168A1CC168F653FA4AF51B04F4644FEE8008B773C764D581D101
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349583530.0000000001462000.00000040.00000001.sdmp, Offset: 01462000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1462000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fa41b08126a353943b66474bc074b7e3b7cb086a9fd958d9ac68de37bf6bd21c
                                                                                                              • Instruction ID: 26bb0cdb04bec96a8d0cd0c67f8bc1084db2c4c1c6803f8e6183c78e9bf10735
                                                                                                              • Opcode Fuzzy Hash: fa41b08126a353943b66474bc074b7e3b7cb086a9fd958d9ac68de37bf6bd21c
                                                                                                              • Instruction Fuzzy Hash: E2D05E342002818BD715DB1CC594F5A3BD8AB41B04F0644EAAD00CB772C3B4D8C1C600
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.349815690.0000000002EB0000.00000040.00000001.sdmp, Offset: 02EB0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_2eb0000_unarchiver.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e8bf58c8d5764f0faa3445b5962d5c171eaf49b86e8985276f142ead6de383b
                                                                                                              • Instruction ID: f512c9fa661e154c0b60152da8033c71cbfe0ce46bf14938d218a3862ba2cdff
                                                                                                              • Opcode Fuzzy Hash: 7e8bf58c8d5764f0faa3445b5962d5c171eaf49b86e8985276f142ead6de383b
                                                                                                              • Instruction Fuzzy Hash: 9991FC74E00244DFDB15CFA9E848A9DBBB3FBA9301F10D1A9E809B7264DB345945DF60
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:10.7%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:160
                                                                                                              Total number of Limit Nodes:6

                                                                                                              Graph


                                                                                                              Executed Functions

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 014C6AB0
                                                                                                              • GetCurrentThread.KERNEL32 ref: 014C6AED
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 014C6B2A
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 014C6B83
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0
                                                                                                              • Opcode ID: 4b7cae525a9f378c1555aaa006d2b9a735d97c2a2ac6aebc2810f65447a883dc
                                                                                                              • Instruction ID: 9a59d8735854933155a70263a50e40e66aaff287b24c1b0d9fc4af2f6d592388
                                                                                                              • Opcode Fuzzy Hash: 4b7cae525a9f378c1555aaa006d2b9a735d97c2a2ac6aebc2810f65447a883dc
                                                                                                              • Instruction Fuzzy Hash: CC5163B4904648CFDB54CFA9D948B9EBBF0BF49304F20845EE519A7361D7749844CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 014C6AB0
                                                                                                              • GetCurrentThread.KERNEL32 ref: 014C6AED
                                                                                                              • GetCurrentProcess.KERNEL32 ref: 014C6B2A
                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 014C6B83
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Current$ProcessThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2063062207-0
                                                                                                              • Opcode ID: 56fdd089a6ad757ebe81d7e326e909085d32d832098216c0b05e4710d69b25d8
                                                                                                              • Instruction ID: d323408bb34a56c51625070fb461f67b6cb12e6d9fc4fef1abd837e8d207f73a
                                                                                                              • Opcode Fuzzy Hash: 56fdd089a6ad757ebe81d7e326e909085d32d832098216c0b05e4710d69b25d8
                                                                                                              • Instruction Fuzzy Hash: 295144B4904648CFDB54CFAAD948BEEBBF0BF49314F20845EE119A7360D7749844CB65
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04E64546
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: c084a664251999c8c908bfb4022fd8e91d49a3b5e979d130ba323a7a122ee92b
                                                                                                              • Instruction ID: cbf080530ead22bdb757027f8eaf69b348f01cd5040fc3e3a0e3a105613ce85c
                                                                                                              • Opcode Fuzzy Hash: c084a664251999c8c908bfb4022fd8e91d49a3b5e979d130ba323a7a122ee92b
                                                                                                              • Instruction Fuzzy Hash: 3E917E71D00219DFEF20DF68C9417EDBBB2BF48358F049569E81AA7280DB74A985CF91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04E64546
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: 524f6438ce8e4306195a8b1ac5ecabb1e6b47d0121e880f82cbedc180c477d2a
                                                                                                              • Instruction ID: 0eb18f94d232f461b692314aae984aae87dd185c16838896c5a1419b2101b0cc
                                                                                                              • Opcode Fuzzy Hash: 524f6438ce8e4306195a8b1ac5ecabb1e6b47d0121e880f82cbedc180c477d2a
                                                                                                              • Instruction Fuzzy Hash: A0916E71D00219DFEF20DF69C9417EDBBB2BF48358F048569E81AA7280DB74A985CF91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 014CBCA6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 014CDC2A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 716092398-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 014CDC2A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 716092398-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014C7107
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04E63D18
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04E63D18
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E641F8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E641F8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • SetThreadContext.KERNELBASE(?,00000000), ref: 04E63B6E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 1591575202-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014C7107
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014C7107
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,014CBD21,00000800,00000000,00000000), ref: 014CBF32
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: cbbdd05d37aa941e9b4655fa49f704bd29dc3c0c03469ba5d555845258c1a8d2
                                                                                                              • Instruction ID: d347c94308b4a06c65d6c3f0475de32af05b66b8c3c6a46fb97975e82f4c1f15
                                                                                                              • Opcode Fuzzy Hash: cbbdd05d37aa941e9b4655fa49f704bd29dc3c0c03469ba5d555845258c1a8d2
                                                                                                              • Instruction Fuzzy Hash: CE1103B69042099FDB10CF9AD444BDEBBF4EB88764F04842EE515A7310C375A945CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 014CE1C5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LongWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 1378638983-0
                                                                                                              • Opcode ID: 8e8d07524fd5c61fb5d91077c3a4b109eb7a5b3780c390cf711fc75e0b3aba59
                                                                                                              • Instruction ID: de104f552f88cca2b26b2b254b56a00b2bcedcd93be9a022f081bd554279841e
                                                                                                              • Opcode Fuzzy Hash: 8e8d07524fd5c61fb5d91077c3a4b109eb7a5b3780c390cf711fc75e0b3aba59
                                                                                                              • Instruction Fuzzy Hash: 311189B5804348DFEB11CFA9C444BDEBFF8EF48224F14845AD954A7211C374A945CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,014CBD21,00000800,00000000,00000000), ref: 014CBF32
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID:
                                                                                                              • API String ID: 1029625771-0
                                                                                                              • Opcode ID: f2dbaa553066feefaae0b833daeb26bcbfc9ba22c4908ef6fc67199cc72c6b47
                                                                                                              • Instruction ID: 0d2f320766955ffd3c3b3e5585b3e75dc4ae384d49d6216de640002afa10c89e
                                                                                                              • Opcode Fuzzy Hash: f2dbaa553066feefaae0b833daeb26bcbfc9ba22c4908ef6fc67199cc72c6b47
                                                                                                              • Instruction Fuzzy Hash: D21103B68042099FDB10CF9AD844ADEFBF4EB88754F15842AE515A7300C375A549CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04E63C36
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: 0a1cd315ea9b5668fdbeef9aedd92590b594662c8d787c5463db528758c71dc1
                                                                                                              • Instruction ID: 0da412a108cdfbeba5414c0d7c8c806693082b8dea50531add0dfced42ba94d5
                                                                                                              • Opcode Fuzzy Hash: 0a1cd315ea9b5668fdbeef9aedd92590b594662c8d787c5463db528758c71dc1
                                                                                                              • Instruction Fuzzy Hash: B31167718043489FDF10CFAAC844BEFBBF5AF88324F14841AE925A7210C775A955CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • OutputDebugStringW.KERNELBASE(00000000), ref: 04E61AC0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DebugOutputString
                                                                                                              • String ID:
                                                                                                              • API String ID: 1166629820-0
                                                                                                              • Opcode ID: 40e5ae2249e21c36ceb2afca03f0433257df060398e876cb0ec24b7f6ef2320e
                                                                                                              • Instruction ID: 5d91701b987989392c1eb2bf5ef7e632da79ef95e81b553bd33b0419a1e55b2c
                                                                                                              • Opcode Fuzzy Hash: 40e5ae2249e21c36ceb2afca03f0433257df060398e876cb0ec24b7f6ef2320e
                                                                                                              • Instruction Fuzzy Hash: 7211F0B1D046599BCB10CF9AD944B9EFBF4FB88324F14822AD819B7640D774A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              • Opcode ID: 30ea96a0ebfa15d2e569095feb84448d0e210b92dcf5bdf7fdb8a907d57e87cc
                                                                                                              • Instruction ID: 9ee36208626f50bdaa44c0ff0f34fcb0040bf1e2eff758cf1d62fd7f76cfd167
                                                                                                              • Opcode Fuzzy Hash: 30ea96a0ebfa15d2e569095feb84448d0e210b92dcf5bdf7fdb8a907d57e87cc
                                                                                                              • Instruction Fuzzy Hash: EB112571D042488BDB10DFAAC4447EEFBF5AF98268F14842AD529A7240CB74A945CBA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 04E67285
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              • Opcode ID: 201848ab34d9df3996f535d845e8bdafd15e2a6f5810eb1210819db6dc7226f3
                                                                                                              • Instruction ID: 568d9b3ec1dab39185a30f470592a700b93834695135a728bb46bb30bcd64730
                                                                                                              • Opcode Fuzzy Hash: 201848ab34d9df3996f535d845e8bdafd15e2a6f5810eb1210819db6dc7226f3
                                                                                                              • Instruction Fuzzy Hash: 7211E3B5904348DFDB10CF99D445BDEBBF8EB48364F14841AE555A7300D374A944CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 04E67285
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.344602286.0000000004E60000.00000040.00000001.sdmp, Offset: 04E60000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_4e60000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              • Opcode ID: 0b43ca8840c626797a186bcbf59999472cbb4f6dc5efd97b450b1e560b89951c
                                                                                                              • Instruction ID: 7a639d5a2bc2d3dd176477852cf36499b6833bd5a655ee8853bac8746643a7de
                                                                                                              • Opcode Fuzzy Hash: 0b43ca8840c626797a186bcbf59999472cbb4f6dc5efd97b450b1e560b89951c
                                                                                                              • Instruction Fuzzy Hash: 571103B5800348DFDB10CF99D885BDEBBF4EB58324F14841AE919A7200D374A985CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 014CE1C5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LongWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 1378638983-0
                                                                                                              • Opcode ID: ef65709a698cb16e5830bb87d9451df9444b4c9d31fc25e22d0711b34996d750
                                                                                                              • Instruction ID: 968971e8b0ff27878db71137875d27a50ba5539f56b81bd85bf2540f4443b8e3
                                                                                                              • Opcode Fuzzy Hash: ef65709a698cb16e5830bb87d9451df9444b4c9d31fc25e22d0711b34996d750
                                                                                                              • Instruction Fuzzy Hash: 7C11E3B5804208DFDB50CF99D584BDEBBF8EB88624F10841AD915B7600C374A954CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 014CBCA6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              • Opcode ID: 4689d990f612fd2591184f13c79c8aca5d327a4f399430caa7c99f20352aa807
                                                                                                              • Instruction ID: ddd8937c1511ea464840bc1146381cd52e9cbed74cd766645e1bac8d0655ec43
                                                                                                              • Opcode Fuzzy Hash: 4689d990f612fd2591184f13c79c8aca5d327a4f399430caa7c99f20352aa807
                                                                                                              • Instruction Fuzzy Hash: 52110FB5C002098FDB10CF9AD444BDEFBF4EB88624F14842ED819B7610D374A546CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              APIs
                                                                                                              • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 014CE1C5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.342874409.00000000014C0000.00000040.00000001.sdmp, Offset: 014C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_14c0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LongWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 1378638983-0
                                                                                                              • Opcode ID: 43cf20f33576ba5042c042e4eaeb9e54b54163603bf8750a8052d2e3e53b5308
                                                                                                              • Instruction ID: f403fe536bb7965a1ed009d9baa5567276851115a1a4b99bedfbd4338a436557
                                                                                                              • Opcode Fuzzy Hash: 43cf20f33576ba5042c042e4eaeb9e54b54163603bf8750a8052d2e3e53b5308
                                                                                                              • Instruction Fuzzy Hash: DC11F2B59003499FDB50CF9AD588BDEBBF8EB88324F14841AD919B7600D3B4A945CFA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:12.9%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:74
                                                                                                              Total number of Limit Nodes:7

                                                                                                              Graph


                                                                                                              Executed Functions

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: j
                                                                                                              • API String ID: 0-2137352139
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph: node listing omitted. API call labelled in the graph: LdrInitializeThunk]
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph: node listing omitted. API call labelled in the graph: LdrInitializeThunk]
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: \$\$\$\
                                                                                                              • API String ID: 0-3238275731
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 183bdb9-183bdba. Named API in graph: LdrInitializeThunk.]
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 183be68-183bed2. Named API in graph: LdrInitializeThunk.]
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 183ee18-183ee23. Named API in graph: GlobalMemoryStatusEx (also a call to 183d96c).]
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 1833068-1833087. Named API in graph: RegQueryValueExW.]
                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01833181
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 1832db8-1832dba. Named API in graph: RegOpenKeyExW.]
                                                                                                              APIs
                                                                                                              • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 01832EC4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Open
                                                                                                              • String ID:
                                                                                                              • API String ID: 71445658-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 183c430-183c44f. Named API in graph: LdrInitializeThunk (also a call to 183b0d0).]
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 18330c8-1833131. Named API in graph: RegQueryValueExW.]
                                                                                                              APIs
                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01833181
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: QueryValue
                                                                                                              • String ID:
                                                                                                              • API String ID: 3660427363-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 1832e10-1832e60. Named API in graph: RegOpenKeyExW.]
                                                                                                              APIs
                                                                                                              • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 01832EC4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Open
                                                                                                              • String ID:
                                                                                                              • API String ID: 71445658-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Control-flow Graph

[Control-flow graph not reproduced. First node: 183d96c-183ef64. Named API in graph: GlobalMemoryStatusEx.]
                                                                                                              APIs
                                                                                                              • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0183EE6A), ref: 0183EF57
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588969908.0000000001830000.00000040.00000001.sdmp, Offset: 01830000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1830000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: GlobalMemoryStatus
                                                                                                              • String ID:
                                                                                                              • API String ID: 1890195054-0
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

[Figure: control-flow graph starting at block 17fc0d8-17fc13b; legend: Executed / Not Executed]
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: P@k
                                                                                                              • API String ID: 0-782922107
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

[Figure: control-flow graph starting at block 17fc0d7-17fc13b; legend: Executed / Not Executed]
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: P@k
                                                                                                              • API String ID: 0-782922107
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: \
                                                                                                              • API String ID: 0-2967466578
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aac4def1bffa0f4f3d58c543dc20ef917be7fe8ac69a904bfb65edb972c1ec88
                                                                                                              • Instruction ID: 34922aef8c1308477ff748c4293287e587eb912192dbda15ac991d6b367b719a
                                                                                                              • Opcode Fuzzy Hash: aac4def1bffa0f4f3d58c543dc20ef917be7fe8ac69a904bfb65edb972c1ec88
                                                                                                              • Instruction Fuzzy Hash: 6781BC30B002049FD719ABB8C85876EBAE3ABD5308F29C52DE50ADB3D6DB75DC428751
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7ef3656ffe88b695b455bf7c6299a9981200ed555e100e7d807039ae0f8a3112
                                                                                                              • Instruction ID: 83f05e11d3f0c382036c166faca9181960d4a9724a0a857f346a770d365e5a3c
                                                                                                              • Opcode Fuzzy Hash: 7ef3656ffe88b695b455bf7c6299a9981200ed555e100e7d807039ae0f8a3112
                                                                                                              • Instruction Fuzzy Hash: 4D918B31A042599FCB11CF6CC884A6EBBB5FF45314F16809EEA199B3A2C770E841CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 262be098fa9c7b7fcbfe5337a6379981f2216163c6a48458125cbaa92765dc4a
                                                                                                              • Instruction ID: 97befed0db6131a08ed5d3ff3c09e7811b1e19f648e2135cb01a091c5822a921
                                                                                                              • Opcode Fuzzy Hash: 262be098fa9c7b7fcbfe5337a6379981f2216163c6a48458125cbaa92765dc4a
                                                                                                              • Instruction Fuzzy Hash: 6E71EE303082148FDB26DB78C89466FBBAAAF89214B15446EE657CB396DF31DC42C791
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 60c4e1f1ecb1070ca0b1b8b41db1608a31ad4694057b6206d2182295952db5df
                                                                                                              • Instruction ID: 85a09c5cf253ca09219465246955a44f0287522ab60b3878bda76a3a322381ea
                                                                                                              • Opcode Fuzzy Hash: 60c4e1f1ecb1070ca0b1b8b41db1608a31ad4694057b6206d2182295952db5df
                                                                                                              • Instruction Fuzzy Hash: 06716F30B002058FDB15BBB9D8647AE76E3AFD8314F188429D906DB784EF34DD468B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9d371405243fec7243d0efa9b4c550403dc224b48d19d53ac23c695834f31942
                                                                                                              • Instruction ID: 12dbf6547168eda080ff6128d6a03762a1a9d0ac5f3300d7e9f5c98ed0fad30c
                                                                                                              • Opcode Fuzzy Hash: 9d371405243fec7243d0efa9b4c550403dc224b48d19d53ac23c695834f31942
                                                                                                              • Instruction Fuzzy Hash: 7A711730A002418BEB15CF2CD84476EFBA2AFC9304F15C1AED6199F7A6DB72C885C751
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b4ee532547a081c3749517f6732357654a0e6f8f1d6391d42e58251698de46bb
                                                                                                              • Instruction ID: bf0a84f6547e671f761381c628917cdff610ba2c39f3844732a2195a36ba86c0
                                                                                                              • Opcode Fuzzy Hash: b4ee532547a081c3749517f6732357654a0e6f8f1d6391d42e58251698de46bb
                                                                                                              • Instruction Fuzzy Hash: DB61C030F001189FDB54ABB8C8157AEBAA3EFD8354F20842AD606EB7C1CE758D058B95
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c0e34e0f6e7b7f31b5a00a75937bd3b6d9576857433a9733ca1794f6be950c90
                                                                                                              • Instruction ID: d2ad741608d5bb2a8eb174f26ece687a2c3957c8f61d2fdd7f24cc710f7a2e61
                                                                                                              • Opcode Fuzzy Hash: c0e34e0f6e7b7f31b5a00a75937bd3b6d9576857433a9733ca1794f6be950c90
                                                                                                              • Instruction Fuzzy Hash: 00710534B006068FDB25EF2DC894A6A7BE6FF49714F2500A9E901CB3A1EB75DE41CB50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d48999b5174d61d4da4b44690bccac73ea2d5dadda7c338604cdf98bf49af200
                                                                                                              • Instruction ID: e4f1fd707f2576808370de1e85074ba89b2812c8cc4e7f46dbe0838c5cf82f18
                                                                                                              • Opcode Fuzzy Hash: d48999b5174d61d4da4b44690bccac73ea2d5dadda7c338604cdf98bf49af200
                                                                                                              • Instruction Fuzzy Hash: BF518330A0D3844FE752972C885475ABFA29B93204F1A80EFD649CF7A7DA65CD49C722
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e665b84c28a3e699e5a07aec72b5e2df5ec350be2789b580a326d1b4f8bbfef2
                                                                                                              • Instruction ID: bcf0f838d4c8118d0ee813f7c36487c715b31dd55db4c3819bbe463675239ebd
                                                                                                              • Opcode Fuzzy Hash: e665b84c28a3e699e5a07aec72b5e2df5ec350be2789b580a326d1b4f8bbfef2
                                                                                                              • Instruction Fuzzy Hash: 93618B34A00105CFCB18DF6DC498AAAFBB2BF89245F9580ADD606DB3A5D731EC41CB51
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 53bda9ac6d6c478702585cee68b9a833355e80b84a51e80b5fc41e89043aec06
                                                                                                              • Instruction ID: 91e50c59f16e9ece04d7b22dc32f6c55ad7e084af8a6e09b8858ca32363acb85
                                                                                                              • Opcode Fuzzy Hash: 53bda9ac6d6c478702585cee68b9a833355e80b84a51e80b5fc41e89043aec06
                                                                                                              • Instruction Fuzzy Hash: 4B517A353141199FDB04DF3EC894A6BBBE9FF48610B0545AEEA1ACB3A1DB21DC01CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 314d9e15da4d5b96fbe233b5d6e65f88db5021734f585d6426ff0363fc02a84b
                                                                                                              • Instruction ID: aef08be2488066bed78ed7d5a3d50be5cb82240a27fb61edcd6a424454825bca
                                                                                                              • Opcode Fuzzy Hash: 314d9e15da4d5b96fbe233b5d6e65f88db5021734f585d6426ff0363fc02a84b
                                                                                                              • Instruction Fuzzy Hash: A551A230B083858FD746DBBC9814A6A7BF19F87300F1584BBD549EB396EB398D0A8751
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5b2b3a00dc189b29cf7b0187783107151cb34b5a72454fe6c6b6efd3281335d2
                                                                                                              • Instruction ID: 361113f3085f77369e7c94af26795eb5f099c9b256ad2e82aee1f1ee222b4a10
                                                                                                              • Opcode Fuzzy Hash: 5b2b3a00dc189b29cf7b0187783107151cb34b5a72454fe6c6b6efd3281335d2
                                                                                                              • Instruction Fuzzy Hash: FB71F674D043098FDB41EFB4E89599DBBB2FF58700B14896AE801EB768EB359D05CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f20d7cce18db0a4eab4d681319ff52dbac21b614a65563c31499a6410ad50014
                                                                                                              • Instruction ID: 579fca3cb88c7a1710c2e38b290876fb79f500bea20b960e0fb2306e86aba19a
                                                                                                              • Opcode Fuzzy Hash: f20d7cce18db0a4eab4d681319ff52dbac21b614a65563c31499a6410ad50014
                                                                                                              • Instruction Fuzzy Hash: 93514C34E052198FDB15EF78D8586AE7BB2AF98304F1484A9E50AE7344EF34CD458F50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6ce25c41ca6ac4ced19d9a380df7c538e2b840c8fd7db5d15e7557092126a59d
                                                                                                              • Instruction ID: 5fb9fa179019759cdd5b6a29c7fa8d476c86599208e0334809e88def38021641
                                                                                                              • Opcode Fuzzy Hash: 6ce25c41ca6ac4ced19d9a380df7c538e2b840c8fd7db5d15e7557092126a59d
                                                                                                              • Instruction Fuzzy Hash: 0061C074E00218CFCB24EFB4D858A9DBBB6FF88305F14946AE90AA7354DB359945CF50
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2d0cdccc1855e6607b9852dc830731c1c804cf14663f8b07cd35f3348094777e
                                                                                                              • Instruction ID: fe89b774b6b1be6d4b85d2f45dee53c98258ee2ca91734e53cb24102e0e32035
                                                                                                              • Opcode Fuzzy Hash: 2d0cdccc1855e6607b9852dc830731c1c804cf14663f8b07cd35f3348094777e
                                                                                                              • Instruction Fuzzy Hash: 0B5173709083858FCB22DBF8C9146BEBBB1AF56304F1580EED545EB753EA35990ACB11
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0e6c1726f5c9a9461824002aff864083c4d6f716315442920f81ee6356d929e
                                                                                                              • Instruction ID: 70c77b01ccba4bc8d5039468dc08f004e64d89afc2432bef2fa43a7a350beee7
                                                                                                              • Opcode Fuzzy Hash: a0e6c1726f5c9a9461824002aff864083c4d6f716315442920f81ee6356d929e
                                                                                                              • Instruction Fuzzy Hash: FA41E4353042418FCB169F68E8586BB7BF3AF89211B15409EE619CB392DB34CC45CB61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f7c660822cb89238d90cc079d01bf1f543958ac11e10825de4d77013cfe51660
                                                                                                              • Instruction ID: 32ce51f45f073225325581cdb63f4b58cad08b7433cf1a37316d24523322509d
                                                                                                              • Opcode Fuzzy Hash: f7c660822cb89238d90cc079d01bf1f543958ac11e10825de4d77013cfe51660
                                                                                                              • Instruction Fuzzy Hash: 04415E34B002058FDB25BBB8D86977E76E6AFD8314F184429E906DB795DF34CD028B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 74f4d911954246721415aa61ee5765cd2c81523dadfa3b7ae9b08b597db08fa1
                                                                                                              • Instruction ID: 294451a70c0e33a9c59acb6774a40ba0da1cf1cf988c7cda610bfdadd914586b
                                                                                                              • Opcode Fuzzy Hash: 74f4d911954246721415aa61ee5765cd2c81523dadfa3b7ae9b08b597db08fa1
                                                                                                              • Instruction Fuzzy Hash: 34412630A083814FDB129B789C5866BBFB1DF86210B0A45FED745CB3A7EA2488098752
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b2f79541d99c6e524e3704fad9a324418a47ccbc421abe86e005e66cd4947136
                                                                                                              • Instruction ID: 2b189fc8ae5953997aaf2b27ad6a6e498d75709133d7f14534f8a89b28f6995f
                                                                                                              • Opcode Fuzzy Hash: b2f79541d99c6e524e3704fad9a324418a47ccbc421abe86e005e66cd4947136
                                                                                                              • Instruction Fuzzy Hash: 0F51B474D10308CFDB51EFA4E89599DBBB2FF68704B144969E801AB728EB35AD05CF90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 68bc7286979eece8981805e7e1496a10c72cb210fa8bff5b37d157e25bfc18df
                                                                                                              • Instruction ID: 8f21d1fb2c5f3b0ea807fe5c6925a9450e12caf6be2748345f91988be0496221
                                                                                                              • Opcode Fuzzy Hash: 68bc7286979eece8981805e7e1496a10c72cb210fa8bff5b37d157e25bfc18df
                                                                                                              • Instruction Fuzzy Hash: A741A035A08249DFCF12DFA8C844A9EBFB1AF49314F208165E915EB296D331EA15CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ee8615fa2f711918e5b1abba0490ee0aba8e2a477f2fa3a279e1393439f8bbcf
                                                                                                              • Instruction ID: 417151083e618020b995ccaed762b48216380e4f29bbb4212eec61ad2ea7461c
                                                                                                              • Opcode Fuzzy Hash: ee8615fa2f711918e5b1abba0490ee0aba8e2a477f2fa3a279e1393439f8bbcf
                                                                                                              • Instruction Fuzzy Hash: 33411635F086518FDB129BB898042AEBBB1AF45314F1A44AADA05DB363FE34CD058B91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 24e23d998634b4e02c2b6071caa6551fa7ec38978851dab9418fe908c722feeb
                                                                                                              • Instruction ID: b637b288393480c9865b9a12c00ccb32ea61a1b40f5dbe31020a45247ab10ccc
                                                                                                              • Opcode Fuzzy Hash: 24e23d998634b4e02c2b6071caa6551fa7ec38978851dab9418fe908c722feeb
                                                                                                              • Instruction Fuzzy Hash: 3841C331200105DFDF069F69D8586AFBBA6EB88310F54806DFA1AC7351CB35CD66CB90
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2a788ef62dd720b416fb8c17e157e531e563b1e5721a2d4a77457121e1399136
                                                                                                              • Instruction ID: 7c2bd651e24c34366fe6bdbef1f06659d7f48951ab1066d96c6adc0d0cbc485a
                                                                                                              • Opcode Fuzzy Hash: 2a788ef62dd720b416fb8c17e157e531e563b1e5721a2d4a77457121e1399136
                                                                                                              • Instruction Fuzzy Hash: B54138747041199FDB15DF29C888AAABBB5FF88318F1100A9FA56CB3A1CB31DD41CB91
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cd7a8f34425bd6f3da7fff82de9f7970500b3bacc2022f11a99531b326cc3d2
                                                                                                              • Instruction ID: 46457e4c7830eabb3a45b4f7dfb30807a93a9700cf0e01a1f1965abf33b36f9b
                                                                                                              • Opcode Fuzzy Hash: 0cd7a8f34425bd6f3da7fff82de9f7970500b3bacc2022f11a99531b326cc3d2
                                                                                                              • Instruction Fuzzy Hash: 5531B631A043558FC782DB7CC80496FFBF5AF86610B0584AED245E7366EF349D058BA2
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 270e7cb1080670570dd321b2da553716351ef07375c9f1bb08bf0b389a04e3f1
                                                                                                              • Instruction ID: 1bae3c88e4cc1fce2166d745bce5e4c10fbb4f54f6002a61fca17fa8319cd6a5
                                                                                                              • Opcode Fuzzy Hash: 270e7cb1080670570dd321b2da553716351ef07375c9f1bb08bf0b389a04e3f1
                                                                                                              • Instruction Fuzzy Hash: 0D31B431F002158FCB10EBB889046AEBAF5EF88254F15446DEA05E7354FF35DD048BA5
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 30ae48ac5d8548d26354c6f186c72cbdab109be2205357c1856cf0411b80b8e7
                                                                                                              • Instruction ID: 0b3a6857e79c8fc3c864cad788eb0465c91d1f3e063a402d1dc6363891054f92
                                                                                                              • Opcode Fuzzy Hash: 30ae48ac5d8548d26354c6f186c72cbdab109be2205357c1856cf0411b80b8e7
                                                                                                              • Instruction Fuzzy Hash: B021B6313082054BDB2A2A39985457FBBA7BFD5558714807DD702CF7E6EE25CC82D782
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 365d71e9a41d8d216c7ca19dcb189e7f4a49a9a71e1f17a3453ecd1ae4119e01
                                                                                                              • Instruction ID: 71e1299f41d4025ebf1a4a4526d23225c4bafce72d76f400323e61951709a825
                                                                                                              • Opcode Fuzzy Hash: 365d71e9a41d8d216c7ca19dcb189e7f4a49a9a71e1f17a3453ecd1ae4119e01
                                                                                                              • Instruction Fuzzy Hash: 602192303042054BEB262A29989867FBA9BBFC8658F14807DD702CF7D5DE65CCC2D782
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 303ebb40a631f106bfd99cb1949d9bf2e8083619ed5f9bb6cd54e459e2ef9c11
                                                                                                              • Instruction ID: 06ecdb8eaf322fae6518d959b8eebf8eb5e29a7df3312ab847dcaf2cf3eb49d2
                                                                                                              • Opcode Fuzzy Hash: 303ebb40a631f106bfd99cb1949d9bf2e8083619ed5f9bb6cd54e459e2ef9c11
                                                                                                              • Instruction Fuzzy Hash: BD219F317091599BEB15CE2B9884B6BBFEAFF85210B06446DFA12C7381DB35DC40DBA1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.587995268.000000000160D000.00000040.00000001.sdmp, Offset: 0160D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_160d000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588045400.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_161d000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588045400.000000000161D000.00000040.00000001.sdmp, Offset: 0161D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_161d000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.587995268.000000000160D000.00000040.00000001.sdmp, Offset: 0160D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_160d000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0c97ede0e60c0de244f9480fd6dc346a528e34eea40a68dcdf96daed557ba4a
                                                                                                              • Instruction ID: ef2e4b0d22a413c9ab17144a90dbc0b421a1341551adab9849ec05f495b74610
                                                                                                              • Opcode Fuzzy Hash: a0c97ede0e60c0de244f9480fd6dc346a528e34eea40a68dcdf96daed557ba4a
                                                                                                              • Instruction Fuzzy Hash: 35F03771F001199F8B50BBBD98186AFBAE5EF98250B05457AD90AD3704EE348E1587D1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bd2066eaaf783a59582fe0ea0012f1310425dab81735dbff638abcb3b787767c
                                                                                                              • Instruction ID: c379f0233e2d7a5ea08c52dd33141ad0d33e66b07e08b1bdf4c93f3c64eb91a4
                                                                                                              • Opcode Fuzzy Hash: bd2066eaaf783a59582fe0ea0012f1310425dab81735dbff638abcb3b787767c
                                                                                                              • Instruction Fuzzy Hash: A6E0ED35B501198B8F05EBBCD8449DDB3E2AFD9224B044069E609E7354DE259E0A87A1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e862e058993c6d4c2cf58681d8fd34f2c0430673f79d9fc890aa26656d180348
                                                                                                              • Instruction ID: 6ca2ec74a425d9799c15865f870bc8802280d9d29ee2fa78a615e9416e2b1f37
                                                                                                              • Opcode Fuzzy Hash: e862e058993c6d4c2cf58681d8fd34f2c0430673f79d9fc890aa26656d180348
                                                                                                              • Instruction Fuzzy Hash: CDE0ED35F5001D8B8F45EBBCD8489DDB3E2BFD9214B044469D609E7354EE359D098761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5a2ffd41abd0973de73b38f66a770e8631bf30f1a71c2b1e05c2dd09656d7325
                                                                                                              • Instruction ID: d70c6a8c33ff964051564d4cb32dfe1809621d2e6aa38d7f3c07e4643f51bb1f
                                                                                                              • Opcode Fuzzy Hash: 5a2ffd41abd0973de73b38f66a770e8631bf30f1a71c2b1e05c2dd09656d7325
                                                                                                              • Instruction Fuzzy Hash: 67E0ED35F400198B8F05EBBCD844DDDB3F2AFD9215B0540A9EA09E7354DE259D198761
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 40bfb05c65ab31e35f1597eec455559068ce8e548a9c743d7f27eb1b1893eff8
                                                                                                              • Instruction ID: cc8753adf11b1ac8686e09a50d9fbe4f8de1b960456198c499cc0dd8144573dd
                                                                                                              • Opcode Fuzzy Hash: 40bfb05c65ab31e35f1597eec455559068ce8e548a9c743d7f27eb1b1893eff8
                                                                                                              • Instruction Fuzzy Hash: 0DE06D35B000198B8F04EBBCD8488DDB3E1BFC9214B004069D609E3358DE359D098B61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4ca3860a6ea31ce717e26db72784d6d5fbd1e7642e367e8a2fe972eef083ffdb
                                                                                                              • Instruction ID: 05dfa2d74b9a4136a2b503ead3bb8d3239d8ff5f1614e7f8cc8071c0433e2d93
                                                                                                              • Opcode Fuzzy Hash: 4ca3860a6ea31ce717e26db72784d6d5fbd1e7642e367e8a2fe972eef083ffdb
                                                                                                              • Instruction Fuzzy Hash: A7E03935B100188B8F14EBBCE8489DCB7F1EB88219B0080B9EA4AE3354DE359C058B62
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2ec51d60be08fe0d1cef72882613cfe9a15ff29637baa82ecde17f97b7195e54
                                                                                                              • Instruction ID: fec6ff90d232b2344e7b7117fbd1d75ccf0c2bfdd4082e76a9a4b3b86f2ac715
                                                                                                              • Opcode Fuzzy Hash: 2ec51d60be08fe0d1cef72882613cfe9a15ff29637baa82ecde17f97b7195e54
                                                                                                              • Instruction Fuzzy Hash: FEE0ED35F400198B8F05FBBCD8549DDB3E1BFD9214B148069EA09E7354DE359D058B61
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b46dc1b20db2b3ab1dc8a42c2a0697b67370edad1e1915169bf0eb29ff2c8aec
                                                                                                              • Instruction ID: eec52bc8454874f6987682399e8025d62b625603d7a98c32f45c712e0b6d89c2
                                                                                                              • Opcode Fuzzy Hash: b46dc1b20db2b3ab1dc8a42c2a0697b67370edad1e1915169bf0eb29ff2c8aec
                                                                                                              • Instruction Fuzzy Hash: 09E01275E041199F87509FAD98095AF7BF9EA88211B044476E60DE3300EB704A51CBD1
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 666443dc701fb73eaaebaa68d510afbbdfbb8e8000fc3e6abfb18e9dfe2a6197
                                                                                                              • Instruction ID: 7b7450ebaf684eb41638d944604bc08284b223b6c1a5de158fa037e80dd45660
                                                                                                              • Opcode Fuzzy Hash: 666443dc701fb73eaaebaa68d510afbbdfbb8e8000fc3e6abfb18e9dfe2a6197
                                                                                                              • Instruction Fuzzy Hash: F9E086367081098FEF15DA55E810BEEB36AEBC0225F2080EEC20987745C7355A169722
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.588912705.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_17f0000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000007.00000002.589011042.0000000001880000.00000040.00000001.sdmp, Offset: 01880000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_7_2_1880000_Szallitasi adatok.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Uniqueness

                                                                                                              Uniqueness Score: -1.00%

                                                                                                              Non-executed Functions